Researchers has revealed that the breach of 3CX first reported last month, caused by a software supply chain attack on a third party.
The 3CX breach was first detected by customers during last month, but only came to light a week later when various cybersecurity companies identified it. As part of the attack, the hackers packaged malicious code into the 3CX desktop installer and customers that already had 3CX installed also received an update that contained the malicious code.
Before this attack, they had compromised the supply chain of futures trading platform provider Trading Technologies International. 3CX hired Mandiant to offer forensic analysis and they found that a 3CX employee had downloaded and installed a compromised version of Trading Technologies software that had been tampered with. Once the software had been installed, it gave the hackers access to the 3CX network, allowing them to move laterally through the network until ultimately breaching 3CX’s Windows and macOS software.
The researchers also note that the Trading Technologies X_TRADER software had been installed by the 3CX employee in April 2022, meaning that Lazarus had access to and had been moving laterally through 3CX’s network over a year.
The attack on Trading Technologies and 3CX to linked to threat actor UNC4736, also known as Labyrinth Chollima. Depending on the source, UNC4736 is either an alternative name for or a subgroup of the infamous North Korean hacking group Lazarus.
This is just an example of an extended software supply chain. It’s critical to ask upstream suppliers about how well their supply chain, including build pipeline and development environments, is protected. Their supply chain is a part of your supply chain.
By implementing robust cybersecurity criteria and facilitating collaboration, organizations must mitigate the risk of future attacks and protect their critical assets and data. As the cybersecurity landscape evolves, remaining vigilant and continually adapting to new threats will be crucial in maintaining a dependable defense against cybercriminals.
This research notes were revealed by researchers from Mandiant.