Security

3CX’s supply chain attack was caused by… another supply chain attack

Comment

shadowy figure sitting in front of a set of computer monitors using X_Trader software in a darkened room
Image Credits: BusinessWire / Trading Technologies

The incident responders investigating how hackers carried out a complex supply-chain attack targeting enterprise phone provider 3CX say the company was compromised by another supply chain attack.

3CX, which develops a software-based phone system used by more than 600,000 organizations worldwide with more than 12 million active daily users, worked with cybersecurity company Mandiant to investigate the incident. In its report released on Thursday, Mandiant said that attackers compromised 3CX using a malware-laced version of the X_Trader financial software, developed by Trading Technologies.

X_Trader was a platform used by traders to view real-time and historical markets, which Trading Technologies phased out in 2020, but Mandiant says was still available to download from the company’s website in 2022.

Mandiant said it suspects the Trading Technologies website was compromised by a group of North Korea state-backed hackers, which it refers to as UNC4736.

This is backed up by a report from Google’s Threat Analysis Group from last year, which confirmed that Trading Technologies’ website was compromised in February 2022 as part of a North Korean operation targeting dozens of cryptocurrency and fintech users. U.S. cybersecurity agency CISA says the hacking group has used its custom “AppleJeus” malware to steal cryptocurrency from victims in over 30 countries.

Mandiant’s investigation found that a 3CX employee downloaded a tainted version of the X_Trader software in April 2022 from Trading Technologies’ website, which the hackers had digitally signed with the company’s then-valid code-signing certificate to make it look as if it was legitimate.

Once installed, the software planted a backdoor on the employee’s device, giving the attackers full access to the compromised system. This access was then used to move laterally through 3CX’s network and, eventually, to compromise 3CX’s flagship desktop phone app to plant information-stealing malware inside their customers’ corporate networks.

“This is notable to us because this is the first time we’ve ever found concrete evidence of a software supply chain attack leading to another supply chain attack,” said Mandiant’s chief technology officer Charles Carmakal. “This series of coupled supply-chain attacks just illustrates the increasing cyber offensive cyber capability by North Korean threat actors.”

Mandiant says it notified Trading Technologies about the compromise on April 11 but says it’s not known how many users are affected.

Trading Technologies spokesperson Ellen Resnick told TechCrunch that the company has not yet verified Mandiant’s findings, and reiterated that it stopped supporting the software in 2020.

Mandiant’s Carmakel added that it’s likely “many more victims” related to the two supply-chain attacks will become known in the coming weeks and months.

3CX blames North Korea for supply chain mass-hack

More TechCrunch

Trawa simplifies energy purchasing and management for SMEs by leveraging an AI-powered platform and downstream data from customers. 

Berlin-based trawa raises €10M to use AI to make buying renewable energy easier for SMEs

Lydia is splitting itself into two apps — Lydia for P2P payments and Sumeria for those looking for a mobile-first bank account.

Lydia, the French payments app with 8 million users, launches mobile banking app Sumeria

Cargo ships docking at a commercial port incur costs called “disbursements” and “port call expenses.” This might be port dues, towage, and pilotage fees. It’s a complex patchwork and all…

Shipping logistics startup Harbor Lab raises $16M Series A led by Atomico

AWS has confirmed its European “sovereign cloud” will go live by the end of 2025, enabling greater data residency for the region.

AWS confirms will launch European ‘sovereign cloud’ in Germany by 2025, plans €7.8B investment over 15 years

Go Digit, an Indian insurance startup, has raised $141 million from investors including Goldman Sachs, ADIA, and Morgan Stanley as part of its IPO.

Indian insurance startup Go Digit raises $141M from anchor investors ahead of IPO

Peakbridge intends to invest in between 16 and 20 companies, investing around $10 million in each company. It has made eight investments so far.

Food VC Peakbridge has new $187M fund to transform future of food, like lab-made cocoa

For over six decades, the nonprofit has been active in the financial services sector.

Accion’s new $152.5M fund will back financial institutions serving small businesses globally

Meta’s newest social network, Threads, is starting its own fact-checking program after piggybacking on Instagram and Facebook’s network for a few months.

Threads finally starts its own fact-checking program

Looking Glass makes trippy-looking mixed-reality screens that make things look 3D without the need of special glasses. Today, it launches a pair of new displays, including a 16-inch mode that…

Looking Glass launches new 3D displays

Replacing Sutskever is Jakub Pachocki, OpenAI’s director of research.

Ilya Sutskever, OpenAI co-founder and longtime chief scientist, departs

Intuitive Machines made history when it became the first private company to land a spacecraft on the moon, so it makes sense to adapt that tech for Mars.

Intuitive Machines wants to help NASA return samples from Mars

As Google revamps itself for the AI era, offering AI overviews within its search results, the company is introducing a new way to filter for just text-based links. With the…

Google adds ‘Web’ search filter for showing old-school text links as AI rolls out

Blue Origin’s New Shepard rocket will take a crew to suborbital space for the first time in nearly two years later this month, the company announced on Tuesday.  The NS-25…

Blue Origin to resume crewed New Shepard launches on May 19

This will enable developers to use the on-device model to power their own AI features.

Google is building its Gemini Nano AI model into Chrome on the desktop

It ran 110 minutes, but Google managed to reference AI a whopping 121 times during Google I/O 2024 (by its own count). CEO Sundar Pichai referenced the figure to wrap…

Google mentioned ‘AI’ 120+ times during its I/O keynote

Firebase Genkit is an open source framework that enables developers to quickly build AI into new and existing applications.

Google launches Firebase Genkit, a new open source framework for building AI-powered apps

In the coming months, Google says it will open up the Gemini Nano model to more developers.

Patreon and Grammarly are already experimenting with Gemini Nano, says Google

As part of the update, Reddit also launched a dedicated AMA tab within the web post composer.

Reddit introduces new tools for ‘Ask Me Anything,’ its Q&A feature

Here are quick hits of the biggest news from the keynote as they are announced.

Google I/O 2024: Here’s everything Google just announced

LearnLM is already powering features across Google products, including in YouTube, Google’s Gemini apps, Google Search and Google Classroom.

LearnLM is Google’s new family of AI models for education

The official launch comes almost a year after YouTube began experimenting with AI-generated quizzes on its mobile app. 

Google is bringing AI-generated quizzes to academic videos on YouTube

Around 550 employees across autonomous vehicle company Motional have been laid off, according to information taken from WARN notice filings and sources at the company.  Earlier this week, TechCrunch reported…

Motional cut about 550 employees, around 40%, in recent restructuring, sources say

The keynote kicks off at 10 a.m. PT on Tuesday and will offer glimpses into the latest versions of Android, Wear OS and Android TV.

Google I/O 2024: Watch all of the AI, Android reveals

Google Play has a new discovery feature for apps, new ways to acquire users, updates to Play Points, and other enhancements to developer-facing tools.

Google Play preps a new full-screen app discovery feature and adds more developer tools

Soon, Android users will be able to drag and drop AI-generated images directly into their Gmail, Google Messages and other apps.

Gemini on Android becomes more capable and works with Gmail, Messages, YouTube and more

Veo can capture different visual and cinematic styles, including shots of landscapes and timelapses, and make edits and adjustments to already-generated footage.

Google Veo, a serious swing at AI-generated video, debuts at Google I/O 2024

In addition to the body of the emails themselves, the feature will also be able to analyze attachments, like PDFs.

Gemini comes to Gmail to summarize, draft emails, and more

The summaries are created based on Gemini’s analysis of insights from Google Maps’ community of more than 300 million contributors.

Google is bringing Gemini capabilities to Google Maps Platform

Google says that over 100,000 developers already tried the service.

Project IDX, Google’s next-gen IDE, is now in open beta

The system effectively listens for “conversation patterns commonly associated with scams” in-real time. 

Google will use Gemini to detect scams during calls