News


APT group Lazarus is behind the cyber attack on 3CX

With Operation DreamJob, the APT (Advanced Persistent Threat) group Lazarus attacked Linux users for the first time. The most prominent victim is the VoIP software developer 3CX. ESET experts discover connection to cyber attack on 3CX.

The researchers at the IT security manufacturer ESET were able to reconstruct the entire course of the operation and thus prove that the hackers allied with North Korea were behind the so-called supply chain attacks. The operation begins with a fake job offer delivered as a zip file and ends with the SimplexTea malware. The Linux backdoor is distributed via an OpenDrive account.

3CX: It was Lazarus from North Korea...


3CX: 3CX Desktop App Security Incident Results

3CX, the provider of the popular Phone System VOIP/PBX software, had an issue with a trojanized version of the 3CX desktop app. With 600,000 customers in 190 countries waiting for answers, 3CX engaged the specialist Mandiant as the investigation team for the forensic analysis. The first findings are now available and indicate that a North Korean APT group is probably responsible. Based on Mandiant's investigation so far into the 3CX intrusion and supply chain attack, they assign the activity to a cluster called UNC4736. Mandiant believes with a high degree of certainty that UNC4736 has a North Korean connection. Windows-based malware client…


Infected version of VoIP program 3CX delivers backdoor

Kaspersky experts analyzed the supply chain attack that was carried out via the popular VoIP program 3CXDesktopApp and installed an infostealer or backdoor. During the analysis, they found a suspicious dynamic link library (DLL) on one computer, which was loaded into the infected 3CXDesktopApp.exe process. Kaspersky experts had launched an investigation into a case related to this DLL on March 21, about a week before the discovery of the supply chain attack. This DLL was used in deployments of the "Gopuram" backdoor and has been observed by Kaspersky since 2020....


VOIP/PBX software 3CX abused for sideloading attack

A trojanized version of the popular phone system VOIP/PBX software 3CX is currently making headlines. The business phone system is used by companies in 190 countries worldwide. An installation program including a Trojan is foisted on Windows users via a DLL sideloading attack. The attack appears to have been a supply chain attack, which allowed attackers to add a desktop application installer that ultimately sideloaded a malicious, encrypted payload via a DLL.

Phone system secretly attacked

Mat Gangwer, VP Managed Threat Response at Sophos, on the current situation: "The attackers managed to manipulate the application to create a...
