
North Korea's Lazarus Group Launches Double Supply Chain Attack on 3CX, Exposing 12M Users

A sophisticated attack by North Korea's Lazarus group compromised 3CX and its users. The double supply chain attack highlights the critical need for robust software supply chain security.



A double supply chain attack on VoIP software vendor 3CX, attributed to North Korea's Lazarus hacking group, pushed trojanized builds of the 3CX desktop app to the company's customers through 3CX's own distribution channel. 3CX counts more than 600,000 customers and some 12 million daily users, and every installation that picked up an affected release was potentially exposed.

The chain began in 2022, when a 3CX employee installed a trojanized installer for X_TRADER, trading software from Trading Technologies International, that the attackers had seeded through an earlier supply chain compromise of that vendor. The malware in that installer gave the attackers a foothold on the employee's machine and, from there, access to 3CX's build environment. There they trojanized the ffmpeg library bundled with the 3CX desktop app, so the second supply chain attack needed no further intrusion: the malicious library was compiled into 3CX's official, code-signed builds by the normal CI/CD pipeline and delivered to customer devices as a routine update.
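As an added illustration of the control this chain defeats (not code from 3CX, Mandiant, or the page's source): a build-time check that refuses to bundle a vendored binary unless its SHA-256 matches a digest pinned in a manifest, and that also flags any file in the vendor tree that nobody pinned. The file names, contents, and the hypothetical "ffmpeg.dll" placeholder are constructed for the demo.

```python
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    """Hex SHA-256 of a file, streamed so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_vendored(vendor_dir: str, manifest: dict) -> list:
    """Compare every vendored file against a pinned digest.

    manifest maps file name -> expected hex SHA-256. Returns a list of
    human-readable problems; an empty list means the tree matches.
    A file that is present but not pinned is a problem too: a build must
    not silently pick up binaries nobody signed off on.
    """
    problems = []
    for name, expected in manifest.items():
        path = os.path.join(vendor_dir, name)
        if not os.path.isfile(path):
            problems.append(f"missing: {name}")
            continue
        actual = sha256_file(path)
        if actual != expected:
            problems.append(
                f"hash mismatch: {name} expected {expected[:12]}... got {actual[:12]}..."
            )
    for name in sorted(os.listdir(vendor_dir)):
        if name not in manifest:
            problems.append(f"unpinned file: {name}")
    return problems


def demo() -> tuple:
    """Constructed scenario: a clean vendor tree, then the same tree after the
    third-party library has been swapped for a different binary and an
    unexpected extra file has appeared. Returns (clean_problems, tampered_problems)."""
    with tempfile.TemporaryDirectory() as vendor_dir:
        lib = os.path.join(vendor_dir, "ffmpeg.dll")  # hypothetical vendored library
        with open(lib, "wb") as f:
            f.write(b"legitimate ffmpeg build (constructed placeholder bytes)")
        # The manifest would normally live outside the build host (for example
        # as a signed file in source control), not next to the binaries it pins.
        manifest = {"ffmpeg.dll": sha256_file(lib)}
        clean = verify_vendored(vendor_dir, manifest)

        with open(lib, "wb") as f:
            f.write(b"trojanized ffmpeg build (constructed placeholder bytes)")
        with open(os.path.join(vendor_dir, "extra.dll"), "wb") as f:
            f.write(b"unexpected extra binary (constructed)")
        tampered = verify_vendored(vendor_dir, manifest)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean tree:", clean or "OK")
    print("tampered tree:", *tampered, sep="\n  ")
```

The check is only as strong as the place the manifest lives: had it sat on the compromised build host, the attackers could have re-pinned the trojanized library at the same time they swapped it in. Keep the manifest in signed source control or another system the build host cannot write to, and compare the digests of released artifacts against an independent, reproducible build rather than trusting the pipeline that produced them.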

The trojanized desktop app affected both Windows and macOS users. On Windows, the implant fetched its next stage indirectly: it downloaded icon files from a GitHub repository and decoded the encrypted command-and-control data appended to them, so the hosting looked like ordinary repository traffic. Follow-on payloads were pushed only to a selected subset of victims, notably cryptocurrency firms, while the group's related fake-job campaigns have long focused on defense companies. Microsoft attributed the activity to North Korea's Lazarus hacking group, which it tracks as Diamond Sleet (formerly ZINC). ESET separately found closely related malware, including a Linux backdoor, delivered through fake job offers on LinkedIn, which ties the 3CX compromise to that ongoing fake-recruiter campaign.
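The GitHub icon trick described above, as an added example rather than analysis of the actual 3CX samples: an icon that carries loader instructions must contain bytes the ICO format does not account for, so a scanner can parse the icon directory, compute where the furthest-reaching image ends, and flag anything appended after that point. The sample icons and the appended blob are constructed; the real loader's encoding and encryption are not detailed on this page, so the script only reports whether the trailer happens to decode as base64.

```python
import base64
import binascii
import struct

ICONDIR = struct.Struct("<HHH")            # reserved, type (1 = icon, 2 = cursor), image count
ICONDIRENTRY = struct.Struct("<BBBBHHII")  # width, height, colours, reserved, planes, bpp, size, offset


def ico_payload_end(data: bytes) -> int:
    """Offset just past the last byte the ICO directory accounts for.

    Every image is described by a (size, offset) pair; a well-formed icon
    ends where the furthest-reaching image ends. Anything after that is
    data the icon format does not explain.
    """
    if len(data) < ICONDIR.size:
        raise ValueError("too short for an ICONDIR header")
    reserved, res_type, count = ICONDIR.unpack_from(data, 0)
    if reserved != 0 or res_type not in (1, 2) or count == 0:
        raise ValueError("not an ICO/CUR header")
    dir_end = ICONDIR.size + count * ICONDIRENTRY.size
    if len(data) < dir_end:
        raise ValueError("truncated icon directory")
    end = dir_end
    for i in range(count):
        entry_off = ICONDIR.size + i * ICONDIRENTRY.size
        *_, size, offset = ICONDIRENTRY.unpack_from(data, entry_off)
        if offset < dir_end or offset + size > len(data):
            raise ValueError(f"image {i} points outside the file")
        end = max(end, offset + size)
    return end


def scan_icon(data: bytes) -> dict:
    """Report bytes appended after the images and whether they look like base64."""
    trailer = data[ico_payload_end(data):]
    is_b64 = False
    stripped = trailer.strip()
    if stripped:
        try:
            base64.b64decode(stripped, validate=True)  # rejects non-alphabet bytes
            is_b64 = True
        except (binascii.Error, ValueError):
            is_b64 = False
    return {"trailing_bytes": len(trailer), "base64": is_b64, "trailer": trailer}


def build_ico(image: bytes) -> bytes:
    """Constructed single-image ICO for the demo; the pixel bytes themselves do not matter."""
    offset = ICONDIR.size + ICONDIRENTRY.size
    entry = ICONDIRENTRY.pack(1, 1, 0, 0, 1, 32, len(image), offset)
    return ICONDIR.pack(0, 1, 1) + entry + image


CLEAN_ICON = build_ico(b"\x00" * 40)
# Constructed stand-in for a loader-instruction icon: a valid icon followed by an
# opaque "encrypted" blob in base64. The real scheme is not described on this page.
SUSPECT_ICON = CLEAN_ICON + base64.b64encode(b"\x8f\x1aciphertext-c2-url\x00\x42")

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_ICON), ("suspect", SUSPECT_ICON)):
        r = scan_icon(blob)
        print(f"{name}: {r['trailing_bytes']} trailing bytes, base64={r['base64']}")
```

Run this over icon files pulled from repositories your endpoints are seen fetching, or over icons dropped in a suspect process's working directory; a legitimate icon should report zero trailing bytes, and a non-trivial trailer is worth a closer look whether or not it parses as base64.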

The double supply chain attack on 3CX shows that supply chain security has to cover the software that reaches the build environment, not only the dependencies that ship in the product. Trading Technologies International's X_TRADER software was the first link in the chain, and a single workstation install was enough to reach 3CX's build pipeline. With an install base of more than 600,000 customers and 12 million users, the potential reach of the trojanized releases is large. As investigations continue, organizations should know what their engineers install, verify what goes into their builds, and treat build infrastructure with the same rigor as production systems.
