The supply chain attack on the 3CX voice-calling app has been traced back to a company employee installing a legitimate but malware-laden program onto their personal computer.
The findings come from cybersecurity vendor Mandiant, which 3CX hired to investigate how the company’s desktop apps became rigged last month to serve malicious code to both Windows and Mac users.
Mandiant uncovered evidence that the breach started with another company, Trading Technologies, the developer of the futures trading app X_Trader. Last year, suspected North Korean hackers were spotted compromising the company’s website.
The same hackers tampered with the X_Trader app and served it to potential victims on a company website. As evidence, Mandiant says the malware-laden X_Trader app was signed with valid code-signing certificates in the name of “Trading Technologies International, Inc.” that were set to expire in October 2022.
Last year, a 3CX employee installed X_Trader on their own personal computer, which paved the way for the hackers to breach 3CX. “Mandiant assesses the threat actor stole the employee's 3CX corporate credentials from his system,” 3CX said in its own report.
“The earliest evidence of compromise uncovered within the 3CX corporate environment occurred through the VPN using the employee's corporate credentials two days after the employee's personal computer was compromised,” the company added. Once inside 3CX’s network, the hackers proceeded to steal further login credentials, which gave them access to the internal build systems for the Windows and Mac versions of the 3CX desktop app.
Like other cybersecurity
Read more on pcmag.com