The recent supply-chain attack on VoIP software provider 3CX has all the makings of a cyberpunk spy novel. In a complex and elaborate operation, North Korean hackers employed fake LinkedIn profiles, malware targeted at Mac and Linux users, and nested software supply-chain attacks to infiltrate the company.

With 3CX having over 600,000 customers and 12 million users across various industries, the implications of this breach are vast and far-reaching. In March 2023, 3CX revealed that its desktop applications for both Windows and macOS had been compromised, allowing attackers to download and run code on every machine where the app was installed.

Incident response firm Mandiant was hired to investigate the breach. Its report showed that the compromise began in 2022, when a 3CX employee installed a malware-laced software package (the X_Trader software from Trading Technologies) that had itself been tampered with in an earlier software supply-chain compromise. The attackers used the employee's corporate credentials to infiltrate 3CX's network through a VPN and subsequently compromised both the Windows and macOS build environments, which is how the trojanized builds reached customers. "This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack," reads the April 20 Mandiant report.

[Image: The double supply-chain compromise that led to malware being pushed out to some 3CX customers.]

Attribution to North Korea's Lazarus Group:
Mandiant concluded that the 3CX attack was orchestrated by the North Korean state-sponsored hacking group known as Lazarus, a determination that researchers at Kaspersky Lab and Elastic Security had independently reached earlier. The compromised 3CX software downloaded a second-stage malware that fetched its instructions from encrypted icon files hosted on GitHub, which eventually led to the deployment of a password-stealing program called ICONICSTEALER. Security firm ESET published research highlighting the connection between the 3CX supply-chain attack and Linux-based malware deployed through fake job offers from phony executive profiles on LinkedIn. This marked the first time Lazarus had been seen targeting Linux users. Bogus LinkedIn profiles have been used to lure targets into opening malware-laced documents disguised as job offers since at least 2020, when ClearSky Security first documented this ongoing North Korean espionage campaign.

Malware Disguised as Legitimate Software:
Microsoft detected social engineering campaigns using fake LinkedIn accounts to impersonate recruiters at technology, defense, and media companies. The attackers disguised their malware as legitimate open-source software such as the Sumatra PDF reader and the SSH client PuTTY. Microsoft attributed these attacks to North Korea's Lazarus group, which it previously tracked as ZINC and now refers to as Diamond Sleet.

Linux Payload and the HSBC Job Offer:
ESET researchers discovered a new fake job lure linked to an ongoing Lazarus campaign on LinkedIn, this one targeting Linux operating systems. The malware was hidden in a document purporting to offer an employment contract at the multinational bank HSBC. Opening the file displayed a decoy PDF with the job offer, while in the background the executable downloaded additional malware payloads.

Mandiant researchers anticipate that many more victims will be discovered among the customers of Trading Technologies and 3CX now that news of the compromised software is public. It remains unclear whether the compromised X_Trader software was downloaded by people at other software firms.

The sophisticated supply-chain attack on 3CX highlights the continually evolving landscape of cyber warfare. As threat actors become increasingly resourceful, businesses and individuals alike must prioritize cybersecurity, remain vigilant, and consistently update their defenses to stay one step ahead of malicious actors.
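The stage in which the second-stage malware pulls its instructions from icon files on GitHub is a useful place to show a cheap triage check. The Python below is an added example, not code from the original article or from any of the vendors it cites, and it does not reproduce the real ICONIC encoding, which the article does not describe. It parses the ICO directory and reports any bytes that sit beyond the last declared image: a normal icon viewer never reads past that point, so appended data is invisible to users but trivial to detect. All function names and the two sample icons are constructed for this example.

```python
"""Flag ICO files that carry data beyond the images their directory declares."""
import struct

ICO_HEADER = struct.Struct("<HHH")       # reserved (0), type (1=icon, 2=cursor), image count
ICO_ENTRY = struct.Struct("<BBBBHHII")   # width, height, colours, reserved, planes, bpp, size, offset


def parse_ico(data: bytes):
    """Parse the ICO directory.

    Returns (entries, declared_end), where declared_end is the first byte past the
    last image that a well-formed icon reader would ever touch.
    """
    if len(data) < ICO_HEADER.size:
        raise ValueError("too short for an ICO header")
    reserved, kind, count = ICO_HEADER.unpack_from(data, 0)
    if reserved != 0 or kind not in (1, 2) or count == 0:
        raise ValueError("not an ICO/CUR header")
    dir_end = ICO_HEADER.size + count * ICO_ENTRY.size
    if dir_end > len(data):
        raise ValueError("icon directory truncated")
    entries = []
    declared_end = dir_end
    for i in range(count):
        w, h, colours, _, planes, bpp, size, offset = ICO_ENTRY.unpack_from(
            data, ICO_HEADER.size + i * ICO_ENTRY.size)
        # An entry that points before the directory or past EOF is itself suspicious.
        if offset < dir_end or offset + size > len(data):
            raise ValueError(f"image {i} points outside the file")
        entries.append({"width": w or 256, "height": h or 256, "bpp": bpp,
                        "size": size, "offset": offset})
        declared_end = max(declared_end, offset + size)
    return entries, declared_end


def trailing_payload(data: bytes) -> bytes:
    """Bytes after the last declared image; empty for a clean icon."""
    _, end = parse_ico(data)
    return data[end:]


def build_ico(images):
    """Construct a minimal ICO from raw image blobs (test fixture; blobs need not be real bitmaps)."""
    count = len(images)
    offset = ICO_HEADER.size + count * ICO_ENTRY.size
    directory, body = [], b""
    for blob in images:
        directory.append(ICO_ENTRY.pack(16, 16, 0, 0, 1, 32, len(blob), offset))
        offset += len(blob)
        body += blob
    return ICO_HEADER.pack(0, 1, count) + b"".join(directory) + body


# Constructed samples: a clean icon, and the same icon with a base64-looking blob appended.
CLEAN_ICON = build_ico([b"\x28\x00\x00\x00" + b"\x00" * 36])  # 40-byte BITMAPINFOHEADER-sized stub
HIDDEN_BLOB = b"dGhpcyBpcyBub3QgYW4gaWNvbiBwaXhlbA=="           # placeholder, not real C2 data
TAMPERED_ICON = CLEAN_ICON + HIDDEN_BLOB


def verdict(data: bytes) -> str:
    """Human-readable triage result for one icon blob."""
    extra = trailing_payload(data)
    return "clean" if not extra else f"{len(extra)} trailing bytes after last image"


if __name__ == "__main__":
    print("clean:", verdict(CLEAN_ICON))        # clean
    print("tampered:", verdict(TAMPERED_ICON))  # 36 trailing bytes after last image
```

Run it over every `.ico` an installer or update package drops, and treat any non-zero trailing length as a reason to look closer. The check is deliberately narrow: it catches data appended after the image table, not data folded into pixel or palette bytes, so it complements rather than replaces a hash or signature comparison against the vendor's published artifacts.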