Friday 21st April 2023

CTI Weekly: 3CX breach highlights the risk of cascading supply chain compromises

3CX, a VoIP desktop client provider used by high-profile organizations, was breached via third-party software. North Korean-linked threat actors were responsible for the supply chain compromise, hijacking third-party software supplied by Trading Technologies to gain initial access to 3CX’s corporate network. Around ten cryptocurrency companies impacted by the breach were infected with the Gopuram backdoor, raising the possibility that future supply chain compromises will lead to follow-on operations that distribute malware to various sectors. The targeting of cryptocurrency companies suggests a financial motive, but the full extent of the threat actors’ goals is not yet clear.

Other news:

Russian State-Sponsored

The NCSC and CISA issued a joint advisory stating that Russian state-sponsored APT28 exploited Cisco IOS routers in 2021 to distribute custom malware. Researchers also revealed that, in a recent campaign, the Russian espionage unit Gamaredon used a web panel to automate spear-phishing emails.

Zero-days

Pinduoduo, a Chinese e-commerce app, distributed information-stealing malware to users by exploiting a zero-day Android framework vulnerability. Meanwhile, Google released an emergency update to address a zero-day vulnerability that affects Chrome browsers running on Windows, Mac, and Linux devices, confirming that it has been exploited in the wild.

Hacktivist

The pro-Russian hacktivist group Killnet disrupted Eurocontrol’s website after targeting the European air traffic control organization’s operational systems. Meanwhile, various pro-Palestinian and pro-Muslim hacktivist groups targeted Israeli public and private sector entities during the annual OpIsrael hacktivist campaign.
