North Korean Hackers Use Trojanized 3CX DesktopApp in Supply Chain Attacks

A threat actor suspected of working for the North Korean government has been observed trojanizing a version of the voice and video calling desktop client 3CX DesktopApp and launching attacks against multiple victims.

Symantec’s Threat Intelligence team shared its findings in an advisory released today, explaining that the attacker’s tactics are similar to those used against SolarWinds in 2022.


“In an attack reminiscent of SolarWinds, the installers of several recent Windows and Mac versions of the software were compromised and modified by the attackers to deliver additional information-stealing malware to users’ computers.”

According to the security team, the information gathered by the malware could have allowed the attacker to determine whether the victim was a candidate for further compromise.

“This is a classic supply chain attack designed to exploit the trust relationship between an organization and an external party. This includes use of third-party software that uses

“This case serves as a reminder of how important it is to conduct due diligence when it comes to scrutinizing who you are doing business with.”

Symantec also confirmed that it had alerted 3CX to the attack, and advised users to uninstall the app immediately as the company is working on an update to address the issue in the next few hours.

said Michael White, Technical Director and Principal Architect at Synopsys.

“The good news is that not only government initiatives driven by groups such as NIST and CISA, but the broader industry has already proposed a range of countermeasure techniques that can be adopted, such as the guidance found within SLSA and NIST SSDF.”

Symantec’s advisory comes months after CISA, NSA, and npm released their latest software supply chain guidance.
