3CX breach linked to previous supply chain compromise

Pieces of the 3CX supply chain compromise puzzle are starting to fall into place, though we’re still far away from seeing the complete picture. In the meantime, we now also know that: The source of the 3CX breach was a compromised installer for X… Continue reading 3CX breach linked to previous supply chain compromise

Symantec: North Korean 3CX Hackers Also Hit Critical Infrastructure Orgs

The North Korean hacking group behind the supply chain attack that hit 3CX also broke into two critical infrastructure organizations in the energy sector.
The post Symantec: North Korean 3CX Hackers Also Hit Critical Infrastructure Orgs appeared first … Continue reading Symantec: North Korean 3CX Hackers Also Hit Critical Infrastructure Orgs

3CX Breach Was a Double Supply Chain Compromise

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks. Continue reading 3CX Breach Was a Double Supply Chain Compromise

Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App

3CX hack is the first known cascading supply chain attack, with the breach starting after an employee downloaded compromised software from a different firm.
The post Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App app… Continue reading Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App

3CX supply chain attack was the result of a previous supply chain attack, Mandiant says

The incident is the first known case of one supply chain attack leading to a second supply chain attack.

The post 3CX supply chain attack was the result of a previous supply chain attack, Mandiant says appeared first on CyberScoop.

Continue reading 3CX supply chain attack was the result of a previous supply chain attack, Mandiant says

Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers

3CX has confirmed previous reports that the recently disclosed supply chain attack was likely conducted by North Korean hackers.
The post Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers appeared first on SecurityWeek.
Continue reading Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers

3CX compromise: More details about the breach, new PWA app released

3CX has released an interim report about Mandiant’s findings related to the compromise the company suffered last month, which resulted in a supply chain attack targeting cryptocurrency companies. They discovered that: The attackers infected targe… Continue reading 3CX compromise: More details about the breach, new PWA app released

3CX Supply Chain Attack: North Korean Hackers Likely Targeted Cryptocurrency Firms

3CX supply chain attack appears to have been conducted by North Korean hackers with the goal of targeting cryptocurrency firms.
The post 3CX Supply Chain Attack: North Korean Hackers Likely Targeted Cryptocurrency Firms appeared first on SecurityWeek.
Continue reading 3CX Supply Chain Attack: North Korean Hackers Likely Targeted Cryptocurrency Firms