Understanding the Attack
A recent supply chain attack has rattled the cybersecurity community, with reports that a backdoor was inserted into computers through the widely-used 3CX softphone app. Remarkably, this backdoor, known as Gopuram, has been identified in fewer than ten systems, indicating a methodical and targeted approach by the attackers.
Who’s Behind It?
Kaspersky has linked this operation to the notorious Labyrinth Chollima, a group financed by North Korean interests. Their focus seems to be on cryptocurrency companies, as seen through their surgical precision in selecting targets, suggesting a sophisticated agenda aimed at financial gain.
From App to Attack: The Role of 3CX
The 3CX softphone app is no small fry; it serves over 600,000 organizations, including major brands. That level of exposure makes it a tempting target. The malicious activity detected included the software contacting third-party servers controlled by the attackers and, in some instances, direct keyboard interaction: scary stuff for corporations running the software.
Infection Spread: Global Impact
3CX users in regions like Brazil, Germany, Italy, and France have reported infections, though the number remains low given the scale of deployment. The complexity of the attack emphasizes the targeted nature—it’s not just a scattergun approach but rather an expertly curated list of victims. This method has come to be termed ‘surgical precision’ by cybersecurity experts.
What’s Next?
The immediate response from 3CX has been to label this a Planned Advanced Persistent Threat, hinting at a state-sponsored design behind the attack. As investigations continue and more payloads are discovered, it's crucial for companies, particularly in crypto, to monitor their systems and remain vigilant against similar threats in the future.