3CX Supply Chain Attack Expands to Crypto Firms, Threatening Sensitive Data

Cybersecurity researchers have warned that the hackers responsible for the recent large-scale supply chain attack on VoIP provider 3CX are now targeting cryptocurrency companies in a bid to steal their funds. The attackers infiltrated dozens of companies by distributing a trojanized version of the VoIP software and placed various second-stage malware on their endpoints. Now, researchers from Kaspersky have found that the hackers have targeted no more than a dozen companies with a unique backdoor called Gopuram. This modular backdoor is capable of timestomping (altering file timestamps to evade detection), injecting payloads into already running processes, loading unsigned Windows drivers using the open-source Kernel Driver Utility, and more. The use of Gopuram allowed Kaspersky to attribute the entire operation to North Korea's Lazarus Group.