• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Crypto Firms Are Likely Target for 3CX Attacks

You are here: Home / General Cyber Security News / Crypto Firms Are Likely Target for 3CX Attacks
April 4, 2023

A recently learned provide chain attack linked to North Korea was most possible devised to goal cryptocurrency firms with backdoor malware, in accordance to Kaspersky.

It was thought that the advanced multi-stage campaign was intended to fall an infostealer on qualified corporations. Nevertheless, the Russian AV seller has connected backdoor malware dubbed “Gopuram,” which it has been monitoring because 2020, to the attacks.

This both confirms the possible attack group as North Korea’s Lazarus and improvements the suspected conclusion target of the attackers from cyber-espionage to theft of electronic forex.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“While investigating an attack on a Southeast Asian cryptocurrency organization in 2020, we identified Gopuram co-current on the similar device with the AppleJeus backdoor, which is attributed to Lazarus,” Kaspersky wrote in a web site put up.

“Over the years, we observed number of victims compromised with Gopuram, but the range of infections started to improve in March 2023. As it turned out, the improve was specifically associated to the 3CX provide chain attack.”

Read more on North Korean crypto attacks: UN Hyperlinks North Korea to $281m Crypto Exchange Heist.

The modular backdoor is launched in the 3CX attack, as is the infostealer, as a next-stage payload by using DLL sideloading. It is utilized to accomplish a selection of steps on influenced equipment, like manipulating the Windows registry and expert services, executing timestomping on files and injecting payloads into processes.

In accordance to Kaspersky, the backdoor has been deployed to considerably less than 10 devices therefore far, indicating a extremely qualified marketing campaign focused specifically on cryptocurrency firms.

“We believe that Gopuram is the most important implant and the final payload in the attack chain. Our investigation of the 3CX campaign is even now significantly from comprehensive,” Kaspersky concluded. “We will go on examining the deployed implants to discover out extra details about the toolset applied in the provide chain attack.”

North Korean state hackers have been concentrating on crypto corporations for lots of years and are suspected of stealing billions of dollars to assistance fund the country’s nuclear weapons software.


Some areas of this short article are sourced from:
www.infosecurity-journal.com

Previous Post: «using apis to rewire supply chains in 2023 Using APIs to rewire supply chains in 2023
Next Post: US Authorities Seize $112m From “Pig Butchering” Scammers Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms
  • Iran’s State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
  • 6 Steps to 24/7 In-House SOC Success
  • Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
  • 67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
  • New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
  • BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
  • Secure Vibe Coding: The Complete New Guide
  • Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
  • Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

Copyright © TheCyberSecurity.News, All Rights Reserved.