Critical Infrastructure Organizations Further Affected in 3CX Breach

As investigations continue, researchers confirm their suspicions of a sprawling attack affecting multiple organizations.

Dark Reading Staff, Dark Reading

April 24, 2023

Just a month after the North Korea-linked APT hacker group known as Lazarus targeted 3CX in a supply chain attack, Symantec's researchers have found that two infrastructure organizations as well as two businesses involved in financial trading were affected in the same attack.

The initial compromise that affected 3CX, also known as the X-Trader software supply chain attack and first discovered by Mandiant researchers, "spread malware via a Trojanized version of 3CX's legitimate software that was available to download from their website." As a result, customers downloaded malicious versions of the company's video-calling software.

As the investigation unfolds with new information, the names of the two critical infrastructure organizations affected have not been revealed, but they are in the power and energy sector, in the US and Europe, respectively. The attack seems to be financially motivated; while North Korea-sponsored threat actors engage in cyber espionage, they also go after funds for the regime. 

If important organizations are being targeted now, it could lead to further exploitation in the future, researchers are warning.

"The impact from these infections is unknown at this time — more investigation is required and is on-going," said Eric Chien, director of security response at Symantec, after stating that the attacks occurred between September and November last year.
