• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

North Korean Hacker Suspected in 3CX Software Supply Chain Attack

You are here: Home / General Cyber Security News / North Korean Hacker Suspected in 3CX Software Supply Chain Attack
April 20, 2023

The 3CX Desktop App application has been reportedly compromised by using a prior software package provide chain breach, with a North Korean actor suspected to be accountable.

In accordance to security researchers at Mandiant, the initial compromise was traced again to malware from financial software company Investing Technologies’ internet site.

The first attack observed hackers put a backdoor into an application offered on the internet site recognised as X_Trader 1. That contaminated app, later on mounted on the personal computer of a 3CX staff, authorized the hackers to unfold their obtain by means of 3CX’s network.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Producing in an advisory revealed earlier right now, Mandiant said this would be the first noticed instance of just one software package source chain attack foremost to a further.

“In late March 2023, a program supply chain compromise distribute malware by using a trojanized version of 3CX’s respectable software package that was available to obtain from their website,” wrote Mandiant’s Jeff Johnson, Fred Plan, Adrian Sanchez, Renato Fontana, Jake Nicastro, Dimiter Andonov and Marius Fodoreanu.

“[The attack] shows the possible arrive at of this type of compromise, specially when a menace actor can chain intrusions as demonstrated in this investigation.”

The security professionals said the affected versions of 3CX ended up DesktopApp 18.12.416 and previously, which contained malicious code.

Read extra on 3CX-qualified malware: North Korean Hackers Use Trojanized 3CX DesktopApp in Supply Chain Attacks

“[The code] ran a downloader, Suddenicon, which in turn obtained more command and command (C2) servers from encrypted icon files hosted on GitHub,” reads the technical publish-up.

The decrypted C2 server was then employed to obtain a 3rd-phase payload termed Iconicstealer, a data miner that steals browser facts. 

Mandiant stated the crew is currently monitoring this malicious exercise as UNC4736, a suspected North Korean nexus cluster of action.

“UNC4736 demonstrates different levels of overlap with a number of North Korean operators tracked by Mandiant Intelligence, particularly with those people included in fiscally-inspired cybercrime operations,” reads the company’s report.

“These clusters have shown a sustained aim on cryptocurrency and fintech-relevant products and services above time.”

The Mandiant advisory arrives a number of months right after the UK Countrywide Cybersecurity Centre (NCSC) unveiled tips to aid medium and massive enterprises map their supply chain dependencies.


Some elements of this post are sourced from:
www.infosecurity-journal.com

Previous Post: «Cyber Security News Daggerfly APT Targets African Telecoms Firm With New MgBot Malware
Next Post: Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
  • PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
  • Securing Data in the AI Era
  • Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
  • Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
  • CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
  • Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
  • Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
  • Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
  • What Security Leaders Need to Know About AI Governance for SaaS

Copyright © TheCyberSecurity.News, All Rights Reserved.