3CX blames North Korea for large-scale supply chain hacking

by Ana Lopez

Enterprise phone provider 3CX has confirmed that North Korean-backed hackers were behind last month’s supply chain attack, which appeared to target cryptocurrency companies.

3CX, which provides online voice, video conferencing and messaging services for businesses, teamed up with cybersecurity firm Mandiant to investigate the attack. Hackers compromised the company’s desktop phone software, which is used by hundreds of thousands of organizations, to install information-stealing malware on its customers’ corporate networks.

Pierre Jourdan, 3CX's Chief Information Security Officer, said on Tuesday that the investigation confirms that hackers associated with the North Korean regime were behind the attack.

“Based on the Mandiant investigation into the 3CX intrusion and supply chain attack so far, they attribute the activity to a cluster named UNC4736,” Jourdan said. “Mandiant assesses with great confidence that UNC4736 has a North Korean nexus.”

Cybersecurity giant CrowdStrike last week linked the 3CX breach to hackers it calls Labyrinth Chollima, a subunit of the infamous Lazarus Group, which is known for stealthy hacks targeting cryptocurrency exchanges to fund North Korea's nuclear weapons program. Russia-based Kaspersky Lab also attributed the 3CX breach to North Korea.

Kaspersky said in its analysis of the attack that the hackers deployed a backdoor it has dubbed “Gopuram” on infected systems, pointing out that the attackers have “a specific interest in cryptocurrency companies.” Kaspersky added that Gopuram was deployed on fewer than ten machines, indicating that the attackers used this backdoor with “surgical precision”.

In a forum post last week, 3CX CEO Nick Galea said the company is only aware of “a handful of cases” where the malware has been activated. However, the impact of the attack and how 3CX was compromised remain unknown. 3CX claims to have more than 600,000 business customers worldwide and more than 12 million active daily users.
