Russian cybersecurity firm Kaspersky has warned of a new form of attack on cryptocurrency firms, which it says is carried out with "surgical precision" by hackers using corrupted software.
Kaspersky's research identified several crypto-focused companies as victims of the 3CX software supply-chain attack in the past week.
While it did not name the targeted firms, it did reveal they were based in "western Asia".
The attack, which is believed to have been carried out on behalf of the North Korean government, involved trojanizing the widely used 3CX VoIP desktop application so that its legitimate, vendor-signed installer delivered the hackers' code onto victims' machines.
Georgy Kucherin, a researcher on Kaspersky's GReAT team of security analysts, said that this attack type is "becoming very common," and explained:
"During supply-chain attacks, the threat actor conducts reconnaissance on the victims, collecting information, then they filter out this information, selecting victims to deploy a second-stage malware."
The filtering is meant to keep the attackers under the radar: the first stage lands on every machine that installed the tainted software, but pushing the second-stage malware to all of those victims would make the operation far easier to detect, so only a hand-picked few receive it.
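The trade-off described above, that a first stage shipped through a trusted installer runs on every install while the second stage is deployed sparingly, is also what gives defenders a handle on it: the first stage's callback fans out across many hosts at once. The script below is an added example, not code from the article, Kaspersky, 3CX or any of the vendors named; it runs a prevalence check over constructed endpoint telemetry (the hosts, process names, code signers and domains are all made up, and the vendor allowlist is a hypothetical stand-in for whatever the real vendor documents). It flags destinations that a vendor-signed process contacts from many hosts but that are not on the vendor's documented list, and lists the low-prevalence destinations separately, which is where a selectively delivered second stage would show up.

```python
"""Prevalence check over constructed endpoint telemetry (added example).

Illustrates why a first-stage implant delivered through a trojanized,
vendor-signed installer is hard to hide: it beacons from every host that
installed the update, so its destination has an unusually broad footprint,
while a hand-picked second stage touches only a few hosts.
All hosts, processes, signers and domains below are constructed."""

from collections import defaultdict
from dataclasses import dataclass

# Constructed telemetry, one outbound connection per line:
# host,process,code_signer,destination_domain
SAMPLE_TELEMETRY = """\
ws-001,vendorapp.exe,Vendor Ltd,updates.vendor.example
ws-001,vendorapp.exe,Vendor Ltd,cdn-static.example
ws-002,vendorapp.exe,Vendor Ltd,updates.vendor.example
ws-002,vendorapp.exe,Vendor Ltd,cdn-static.example
ws-003,vendorapp.exe,Vendor Ltd,cdn-static.example
ws-004,vendorapp.exe,Vendor Ltd,updates.vendor.example
ws-004,vendorapp.exe,Vendor Ltd,cdn-static.example
ws-005,vendorapp.exe,Vendor Ltd,cdn-static.example
ws-005,browser.exe,Browser Inc,news.example
ws-002,vendorapp.exe,Vendor Ltd,stage2-drop.example
"""

# Hypothetical allowlist: the domains the vendor documents for its app.
VENDOR_DOMAINS = {"updates.vendor.example"}


@dataclass(frozen=True)
class Finding:
    process: str
    signer: str
    domain: str
    host_count: int


def parse_telemetry(text):
    """Parse the CSV-style telemetry into (host, process, signer, domain) tuples."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, process, signer, domain = line.split(",")
        rows.append((host, process, signer, domain))
    return rows


def prevalence_findings(rows, vendor_domains, min_hosts=3):
    """Split undocumented destinations by how many distinct hosts reach them.

    Returns (broad, rare): 'broad' holds destinations reached by a signed
    process from at least min_hosts hosts (the first-stage fan-out pattern),
    'rare' holds the rest (where a selectively delivered second stage lands).
    Documented vendor domains are ignored. Both lists are sorted by host count,
    descending."""
    hosts_by_key = defaultdict(set)
    for host, process, signer, domain in rows:
        hosts_by_key[(process, signer, domain)].add(host)

    broad, rare = [], []
    for (process, signer, domain), hosts in hosts_by_key.items():
        if domain in vendor_domains:
            continue
        finding = Finding(process, signer, domain, len(hosts))
        (broad if len(hosts) >= min_hosts else rare).append(finding)
    broad.sort(key=lambda f: -f.host_count)
    rare.sort(key=lambda f: -f.host_count)
    return broad, rare


if __name__ == "__main__":
    rows = parse_telemetry(SAMPLE_TELEMETRY)
    broad, rare = prevalence_findings(rows, VENDOR_DOMAINS)
    print("Broad (first-stage fan-out candidates):")
    for f in broad:
        print(f"  {f.process} [{f.signer}] -> {f.domain} from {f.host_count} hosts")
    print("Rare (possible selective second stage):")
    for f in rare:
        print(f"  {f.process} [{f.signer}] -> {f.domain} from {f.host_count} hosts")
```

On the constructed data, `cdn-static.example` is contacted by the signed `vendorapp.exe` from five hosts and is not on the vendor's list, so it surfaces as the broad, first-stage-like destination; `stage2-drop.example`, reached from a single host, appears only in the rare list. In a real fleet the threshold should be set relative to the install base of the application, and the allowlist should come from the vendor's published documentation rather than from observed traffic, since the tainted build's own destinations would otherwise be learned as normal.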
However, something seems to have gone wrong here.
The 3CX supply-chain attack was detected quickly, at least compared with others, Kucherin said: security companies such as CrowdStrike and SentinelOne spotted the installation of the initial malware last week, less than a month after it was deployed.
"They tried to be stealthy, but they failed," Kucherin said. "Their first-stage implants were discovered."
CrowdStrike and SentinelOne identified North Korean hackers as the attackers who compromised 3CX installer software used by 600,000 organizations globally, per Wired.
Kaspersky further found that the hackers sifted through
Read more on cryptonews.com