TechRadar
Sead Fadilpašić

3CX supply chain attack is now also hitting crypto companies

The hackers behind the recent large-scale supply chain attacks on VoIP provider 3CX are now specifically targeting cryptocurrency companies in an attempt to empty their wallets, researchers have warned.

By distributing a trojanized version of the VoIP solution, the attackers managed to infiltrate dozens of companies and place various stage-two malware on their endpoints. 

Now, cybersecurity researchers from Kaspersky have found that the attackers also targeted no more than a dozen companies, with high precision, using a unique backdoor called Gopuram.

Modular backdoor

BleepingComputer describes Gopuram as a modular backdoor capable of timestomping to evade detection, payload injection into already running processes, loading unsigned Windows drivers using the open-source Kernel Driver Utility, and more.

In fact, it was the use of Gopuram that led Kaspersky to identify the threat actor behind the entire operation as North Korea’s Lazarus Group.

"The discovery of the new Gopuram infections allowed us to attribute the 3CX campaign to the Lazarus threat actor with medium to high confidence. We believe that Gopuram is the main implant and the final payload in the attack chain," Kaspersky researchers said.

Lazarus reportedly targeted fewer than ten machines with this backdoor, all of them at crypto firms. The motivation is most likely financial, the researchers suggest.

"As for the victims in our telemetry, installations of the infected 3CX software are located all over the world, with the highest infection figures observed in Brazil, Germany, Italy and France," the report reads. "As the Gopuram backdoor has been deployed to less than ten infected machines, it indicates that attackers used Gopuram with surgical precision. We additionally observed that the attackers have a specific interest in cryptocurrency companies."

3CX has more than 12 million daily users, with products used by more than 600,000 companies worldwide. Its customer list includes high-profile companies and organizations like American Express, Coca-Cola, McDonald's, Air France, IKEA, the UK's National Health Service, and multiple automakers, including BMW, Honda, Toyota, and Mercedes-Benz.

Via: BleepingComputer
