Cascading Software Supply Chain Attack

A hack of the business solutions firm 3CX was revealed in March when customers complained that various cybersecurity products had been triggering warnings for the company’s software. On April 20 more information came to light. Apparently, the incident was what cybersecurity experts call a cascading software supply chain attack. The hackers were able to penetrate 3CX’s Windows and macOS build environments and used their access to push trojanized software to the company’s customers. The incident occurred after an employee downloaded a trojanized installer for the X_Trader trading software from Trading Technologies. X_Trader was retired in 2020, but was still available on the company’s website. The malware version, which the employee downloaded sometime in 2022, was signed with a certificate that was valid until October 2022. Another malware named VeiledSignal, enabled the attackers to obtain corporate credentials belonging to the employee, which gave them access to 3CX systems. Cybersecurity companies say that the attack was likely conducted by North Koreans.