Cybersecurity » Cascading Software Supply Chain Attack

Cascading Software Supply Chain Attack

New Ransomware Gang Hits Sony

A hack of the business solutions firm 3CX was revealed in March when customers complained that various cybersecurity products had been triggering warnings for the company’s software. On April 20 more information came to light. Apparently, the incident was what cybersecurity experts call a cascading software supply chain attack. The hackers were able to penetrate 3CX’s Windows and macOS build environments and used their access to push trojanized software to the company’s customers. The incident occurred after an employee downloaded a trojanized installer for the X_Trader trading software from Trading Technologies. X_Trader was retired in 2020, but was still available on the company’s website. The malware version, which the employee downloaded sometime in 2022, was signed with a certificate that was valid until October 2022. Another malware named VeiledSignal, enabled the attackers to obtain corporate credentials belonging to the employee, which gave them access to 3CX systems. Cybersecurity companies say that the attack was likely conducted by North Koreans.

Get our free daily newsletter

Subscribe for the latest news and business legal developments.

Read this next

Legal Ops Need to Assess Their Information Governance Programs

The AI Executive Order’s Impact on the Healthcare Industry

President Biden’s Executive Order on the Safe, Secure, and Trustworthy Development and […]

14 Proven Tactics to Elevate Your Law Firm's Webinars and Drive Results

Cybersecurity Agency Warns About Hacking Collective

The Cybersecurity and Infrastructure Security Agency and the FBI have issued a […]

Understanding Quantum Security Essential In Mitigating Risk Of Newest Cyber Threat

Data Privacy and Reputation Concerns About Adopting AI

Reputational damage was the greatest source of concern about AI, followed by […]

Scroll to Top