Crypto Firms Targeted in Major Supply Chain Attack: Kaspersky

A backdoor-delivering malware was found by Crowdstrike and Kaspersky in a communications app, but they asserted that it had only been utilized a few times.

Kaspersky reported that despite only being implemented in less than 10 machines, a supply chain hack established a backdoor in PCs all over the world.

It was further said that the deployments revealed a special interest in cryptocurrency businesses.

According to Kaspersky, the threat actor Labyrinth Chollima, who has ties to North Korea, may be involved. 3CX described the disease as follows:

“This looks to have been a targeted attack by an Advanced Persistent Threat, possibly even one that was sponsored by a state, that used a sophisticated supply chain attack to select the users who would download their malware’s later stages.”

Meanwhile, Crowdstrike, a cybersecurity company, reported on March 29 that it had found malicious activity on the 3CXDesktopApp softphone software. Business clients are advertised the app to.

The detrimental behaviors included “beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a tiny number of cases, hands-on-keyboard action.”

According to the business, Kaspersky was already investigating a dynamic link library (DLL) found in one of the 3CXDesktopApp.exe files that had been corrupted. The questioned DLL was used to send the Gopuram backdoor, but it wasn’t the only malicious payload used in the attack. Gopuram has been found to coexist with the AppleJeus backdoor connected to the North Korean Lazarus gang, according to Kaspersky.

The 3CX software is infected all over the world, with Brazil, Germany, Italy, and France having the greatest infection rates. Nonetheless, Gopuram has been installed with “surgical precision” in less than ten machines, according to Kaspersky. In the past, it had discovered a Gopuram infestation in a Southeast Asian cryptocurrency business.

Thomas Roccia 🤘

2023-03-31 05:07

🔍If you are looking for a comprehensive overview of the current #3CX supply chain attack, I created a diagram that shows the attack flow!💥I’ll update as soon as the analysis progresses. Stay tuned for the MacOS edition! #cybersecurity #infosec #supplychainattack #3CXpocalypse https://t.co/ANVLCgExmU

1333 24

Key Takeaway

• Small number of crypto company affected by supply chain attack
• Kaspersky accuses North Korea for the attack.
• Selected countries like South Asia are experiencing the greatest hit in their crypto business.

What to think about on cryptocurrency

Supply chain attacks pose a serious threat to enterprises all over the world, as evidenced by the finding of backdoor-delivering malware in the 3CXDesktopApp softphone software. Due to the high value of digital assets and the absence of industry regulation, bitcoin businesses are progressively turning into lucrative targets for the attackers responsible for the incident.

One of the most important lessons that organizations may take away from this incident is the necessity of continuing to implement robust cybersecurity controls, especially with regard to their supply chains. To safeguard their networks from cyber attacks, businesses should adopt multi-layered security systems that include firewalls, intrusion detection and prevention systems, and anti-virus software, among others.

Final Note

The discovery of the virus that opens backdoors in the 3CXDesktopApp application serves as a reminder of the growing amount of cyber dangers that businesses around the world must manage. Organizations must take preventative measures to safeguard their networks and data against cyber threats. This entails implementing stern cybersecurity safeguards, regular software upgrades and patches, incident response plans, and familiarity with geopolitical concerns.