The attackers have been linked to North Korea and appear to be involved in both cyberespionage and financially motivated attacks.

The hacking group responsible for the supply-chain attack on VoIP vendor 3CX also breached two critical infrastructure organizations in the energy sector and two financial trading organizations using the same trojanized X_TRADER application, according to a report by Symantec. Of the two affected critical infrastructure organizations, one is located in the US and the other in Europe, Symantec told Bleeping Computer. The report of additional victims comes a day after Mandiant revealed that the trojanized X_TRADER application was the initial cause of the 3CX breach. "The attackers behind these breaches clearly have a successful template for software supply chain attacks and further similar attacks cannot be ruled out," Symantec said in its report. Last month, several security researchers reported that the 3CX Desktop App contained malware. 3CX confirmed the finding and released an update for the Desktop App.

Attacks attributed to Lazarus group

Based on the tooling and methodology, Mandiant has attributed the attacks to the North Korean hacking group Lazarus. Symantec also assesses that the attackers appear to be linked to North Korea.
"It appears likely that the X_Trader (X_TRADER) supply chain attack is financially motivated, since Trading Technologies, the developer of X_Trader (X_TRADER), facilitates futures trading, including energy futures," Symantec said in the report, adding that North Korea-sponsored actors are known to engage in both espionage and financially motivated attacks. "It cannot be ruled out that strategically important organizations breached during a financial campaign are targeted for further exploitation," Symantec said.

Initiated by prior supply chain compromise

The 3CX supply chain compromise was possible because the attackers first gained access to the company's network and systems through a different software supply chain attack involving a third-party futures trading application, according to Mandiant. The attackers obtained a foothold after a 3CX employee installed a futures trading platform called X_TRADER, from Trading Technologies, on their personal computer in 2022. That installer had been trojanized with a backdoor as part of the earlier supply chain attack. The X_TRADER software was discontinued in 2020 but was still available for download from the vendor's website in 2022. According to Mandiant, this is the first known instance of a software supply chain compromise cascading into a second software supply chain compromise. From the initial foothold the attackers moved laterally within 3CX's network and injected malicious libraries into the Windows and macOS versions of the Desktop App.

Trojanized version deployed malware downloader and info stealer

The trojanized 3CX Desktop App first deployed an intermediate malware downloader that reached out to a GitHub repository to obtain command-and-control addresses hidden inside icon files, Mandiant said in its report. The downloader then contacts the command-and-control server and deploys an information stealer that collects application configuration data as well as browser history.
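The article only says that the loader's C2 addresses were "hidden inside icon files" hosted on GitHub; it does not describe the encoding. The following is an added example, not code from the article, from Mandiant, or from 3CX: a small ICO parser that walks the icon directory, computes where the legitimate image data ends, and reports any bytes appended after it. The assumption it makes, and labels, is that appending data after the last image entry is one way a decoy icon can carry a string while still rendering normally; the sample icon bytes, the hypothetical host `example.invalid`, and the base64 encoding of the trailer are all constructed for the demonstration. A defender can run the same check over any icon files a suspicious loader fetches.

```python
"""Added example (not from the article, Mandiant, or 3CX): flag ICO files that
carry data beyond the image payloads described by their directory.

Assumption (not stated on the page): the hidden C2 string is appended after the
last image entry, so an image viewer ignores it but a loader can read it back.
"""
import base64
import binascii
import struct

# ICO container layout (ICONDIR / ICONDIRENTRY), little-endian:
#   header: reserved u16 (0), type u16 (1 = icon), count u16
#   entry : width u8, height u8, colors u8, reserved u8, planes u16,
#           bpp u16, size u32, offset u32
ICO_HEADER = struct.Struct("<HHH")
ICO_DIRENTRY = struct.Struct("<BBBBHHII")


def image_extent(data: bytes) -> int:
    """Return the offset one past the last byte any directory entry references.

    Raises ValueError when the header does not describe a well-formed ICO, so a
    caller never mistakes a non-icon file for a 'clean' one.
    """
    if len(data) < ICO_HEADER.size:
        raise ValueError("too short for an ICO header")
    reserved, kind, count = ICO_HEADER.unpack_from(data, 0)
    if reserved != 0 or kind != 1 or count == 0:
        raise ValueError("not an ICO file")
    end = ICO_HEADER.size + count * ICO_DIRENTRY.size
    if end > len(data):
        raise ValueError("truncated icon directory")
    for i in range(count):
        entry = ICO_DIRENTRY.unpack_from(data, ICO_HEADER.size + i * ICO_DIRENTRY.size)
        size, offset = entry[6], entry[7]
        if offset + size > len(data):
            raise ValueError(f"entry {i} points past end of file")
        end = max(end, offset + size)
    return end


def scan_icon(data: bytes) -> dict:
    """Report trailing bytes after the image data and, if they are valid base64,
    the decoded value. Any non-empty trailer is worth a second look."""
    trailer = data[image_extent(data):]
    result = {"trailing_bytes": len(trailer), "decoded": None}
    if trailer:
        try:
            result["decoded"] = base64.b64decode(trailer, validate=True)
        except (binascii.Error, ValueError):
            pass  # trailer present but not base64; still suspicious
    return result


def build_ico(images: list) -> bytes:
    """Constructed helper: pack filler image blobs into a syntactically valid ICO."""
    count = len(images)
    offset = ICO_HEADER.size + count * ICO_DIRENTRY.size
    out = bytearray(ICO_HEADER.pack(0, 1, count))
    for img in images:
        out += ICO_DIRENTRY.pack(16, 16, 0, 0, 1, 32, len(img), offset)
        offset += len(img)
    for img in images:
        out += img
    return bytes(out)


# Constructed samples: the "image" is filler bytes, not a real bitmap.
CLEAN_ICO = build_ico([b"\x00" * 40 + b"\xff" * 16])
HIDDEN_C2 = b"https://example.invalid/update"  # hypothetical address
TAINTED_ICO = CLEAN_ICO + base64.b64encode(HIDDEN_C2)

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_ICO), ("tainted", TAINTED_ICO)):
        print(name, scan_icon(blob))
```

The check is deliberately format-level rather than signature-based: it does not need to know the loader's encoding, only that a benign icon should end where its directory says it ends. A loader could instead hide the string inside the pixel data, which this parser would not catch, so treat a clean result as necessary but not sufficient.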
Mandiant had been contracted by 3CX to investigate the incident.