Open swidup opened 1 year ago
"In what is described as the first known supply chain attack caused by another supply chain attack, leading security firm Mandiant is reporting that the recent breach of 3CX was caused by an earlier breach of futures trading platform Trading Technologies.
It is not clear why an employee of 3CX would have downloaded a piece of outdated trading software on the company’s internal network, but that appears to have been the source of the breach. Trading Technologies and 3CX have no business relationship or even any known contacts, and the trading software in question was deprecated in early 2020."
https://www.wired.com/story/3cx-supply-chain-attack-north-korea-cryptocurrency-targets/
"Security firms CrowdStrike and SentinelOne last week pinned the operation on North Korean hackers, who compromised 3CX installer software that's used by 600,000 organizations worldwide, according to the vendor. Despite the potentially massive breadth of that attack, which SentinelOne dubbed “Smooth Operator,” Kaspersky has now found that the hackers combed through the victims infected with its corrupted software to ultimately target fewer than 10 machines—at least as far as Kaspersky could observe so far—and that they seemed to be focusing on cryptocurrency firms with “surgical precision.”"
Interesting and relevant, but won't move the needle in the data. Coding deferred.
https://arstechnica.com/information-technology/2023/03/massive-supply-chain-attack-with-ties-to-north-korea-hits-users-of-3cx-voice-app/
We talk about this in the 2023 DBIR.