The 3CX supply chain attack is now affecting cryptocurrency businesses.
April 05, 2023 By Omal J
Researchers have warned that the hackers responsible for the recent widespread supply chain attack on VoIP provider 3CX are now specifically targeting Bitcoin companies to drain their wallets.
By distributing a trojanized version of the VoIP solution, the attackers gained access to a large number of organizations and installed various second-stage malware on their endpoints.
Kaspersky cybersecurity specialists have now discovered that the attackers used a special backdoor called Gopuram to target, with extreme precision, fewer than a dozen businesses.
Modular backdoor
Gopuram is described by BleepingComputer as a modular backdoor that can install unregistered Windows drivers using the free and open-source Kernel Driver Tool, use timestomping to avoid detection, and more.
The use of Gopuram led Kaspersky to determine that the Lazarus Group of North Korea was the threat actor behind the entire operation.
"We can confidently connect the 3CX campaign to the Lazarus threat actor thanks to the finding of the new Gopuram infections. Gopuram, in our estimation, serves as both the primary implant and the assault chain's final payload," researchers at Kaspersky noted.
With this backdoor, Lazarus allegedly targeted fewer than 10 machines, all of which belong to crypto companies. The researchers contend that financial gain is most likely the driving force.
According to the report, installations of the trojanized 3CX software can be found all over the world, with Brazil, Germany, Italy, and France having the highest infection rates. "Less than ten infected machines having the Gopuram backdoor implies that the attackers were very careful in how they employed Gopuram. We also noticed that the attackers are particularly interested in cryptocurrency businesses."
With more than 600,000 enterprises using its products worldwide, 3CX has more than 12 million daily users. The National Health Service of the UK, American Express, Coca-Cola, McDonald's, Air France, IKEA, and several automakers, including BMW, Honda, Toyota, and Mercedes-Benz, are among its notable clients.