3CX, a company with over 600,000 business customers globally and around 12 million daily active users, recently experienced a significant supply chain attack. CrowdStrike researchers identified malicious activities linked to 3CX late last month, which included communication with infrastructure controlled by an external threat actor, deployment of secondary payloads, and direct manipulation by the attackers.
This supply chain attack is attributed to state-linked entities associated with Labyrinth Chollima, an advanced persistent threat group connected to the Democratic People’s Republic of Korea (North Korea). While other researchers have linked the attacks to similar actors, there has been no official public attribution from federal authorities.
The scope of the attack is notable: Huntress reported over 242,000 publicly exposed 3CX instances detectable on Shodan, a search engine for Internet-connected devices. The planning behind the attack appears to have been extensive, as the registration of the attackers' network infrastructure dates back to February 2022.
Both Windows and macOS versions of the 3CX application were compromised in the attack. This information was confirmed by 3CX and initially reported by CrowdStrike, highlighting the broad impact of the attack on the company’s software and its users.