The Lazarus Group targeted less than ten machines with this backdoor, all of which were crypto firms. The motivation for the attacks is believed to be financial gain. According to the researchers, “As for the victims in our telemetry, installations of the infected 3CX software are located all over the world, with the highest infection figures observed in Brazil, Germany, Italy, and France. As the Gopuram backdoor has been deployed to less than ten infected machines, it indicates that attackers used Gopuram with surgical precision. We additionally observed that the attackers have a specific interest in cryptocurrency companies.”
