Threat actors suspected of operating for the North Korean government have been observed trojanizing versions of the voice and video calling desktop client 3CX DesktopApp to launch attacks against multiple victims.
The Symantec threat intelligence team shared the findings in an advisory published earlier today, explaining that the attackers' tactics were similar to those used against SolarWinds in 2022.
“In an attack reminiscent of SolarWinds, installers for several recent Windows and Mac versions of the software were compromised and modified by the attackers in order to deliver additional information stealing malware to the user’s computer,” reads the technical write-up.
According to the security team, the information gathered by the malware likely enabled attackers to gauge whether the victim was a candidate for further compromise.
“This is a typical supply chain attack, made to exploit trust relationships between an organization and external parties; this involves partnerships with suppliers or the use of third-party software which most enterprises are reliant on in some way,” commented Lotem Finkelstein, director of threat intelligence & research at Check Point Software.
“This incident is a reminder of just how critical it is that we do our due diligence in terms of scrutinizing who we conduct business with.”
Symantec also confirmed it warned 3CX about the attacks, with the company advising users to immediately uninstall the app while it works on an update addressing the issue in the next few hours.
“This is, sad to say, a recurrence of an issue we have seen many times before and most probably will see again in the future,” said Michael White, technical director and principal architect at Synopsys.
“The good news is that the wider market as well as federal government initiatives driven by groups such as NIST and CISA have already proposed a suite of countermeasure tactics which can be adopted, such as SLSA and the guidance found within the NIST SSDF.”
The Symantec advisory comes months after CISA, NSA and npm released their latest software supply chain guidance.
Some parts of this article are sourced from:
www.infosecurity-magazine.com