How did 3CX customers become the target of a Cyber Attack?
In March of this year a large-scale complex cyber attack targeted 3CX, an industry leading popular provider of internet-enabled voice calls which we provide and support for many of our customers. To read more about the cyber attack click here.
Following the attack, Cyber Security firm Mandiant (owned by Google), investigated the incident and discovered it was the result of a rarely seen supply-chain attack, where hackers infiltrated a third party a vendor to then gain access to other targets. Interestingly, this particular attack was found to have originated from another previous supply-chain attack. This marks the first time Mandiant has seen one supply-chain attack lead to another. Notable examples of past supply-chain attacks include the 2021 SolarWinds breach and the Kaseya breach, which affected numerous organisations worldwide.
According to Mandiant, a 3CX employee unknowingly installed malware-infected software from a previous victim of a supply-chain attack, Trading Technologies. The malware granted the hackers high-level access to 3CX’s systems, enabling them to deploy further malware tools throughout the organisation, granting them access to the code for their customer desktop application. Mandiant concluded that a North Korean hacking group, referred to as UNC4736, was responsible for compromising both 3CX and Trading Technologies. This group has a history of targeting crypto currency companies, highlighting the increasing cyber threat capabilities of North Korean threat actors.
The extent of the damage from these supply-chain attacks still remains unclear, however 3CX has over 12 million daily users world wide, who could potentially be affected. Charles Carmakal, Chief Technology Officer at Mandiant, expressed concerns about the number of organisations that may have been compromised without realising it. He noted that it may take weeks or months for victims to discover they have been compromised. This incident demonstrates the potential reach of such compromises, as well as the creativity and sophistication of North Korean regime-backed hackers in distributing malware and conducting offensive operations.
One2Call have been working with all of our 3CX Customers to ensure that they are as secure as possible following the attack, we acted fast to inform our customers of the 3CX Security Breach and worked with businesses to ensure that they uninstalled the Desktop App & recommended that they did not re-install it until our following communications confirmed it was safe. All of our EDR (Endpoint Detection & Response) customers were protected against this Zero Day Cyber Attack, as EDR was able to detect the unusual and malicious activity on endpoints to immediately prevent it. In response to the increasing Cyber Security Threats that our customers face we have increased out minimum Cyber Security level for our IT Support and Cyber Security customers to ensure that all businesses have Endpoint Detection & Response as standard throughout their business. We also urge all other businesses throughout to invest in EDR. If you would like to find out more about Endpoint Detection & Response and how it can benefit your business, click the link below.
Latest News Stories
Rise of Supply Chain Cyber Attacks: Understanding and Preventing the Threat
As the digital landscape evolves, so too do the threats that loom within it. Cyber Security measures are ever-improving, but in the cat-and-mouse game of the online world, hackers often still manage to gain the upper hand. The latest strategy in their arsenal? Supply...
Businesses Exposed in MOVEit Data Breach targeted by Ransom Demand
The notorious cyber crime syndicate, believed to be stationed in Russia, known as the Clop group, has sent an ominous warning to victims of a recent global cyber attack. In a message posted on the dark web, the group has urged those impacted by the MOVEit hack to...
London School Forced to Shut Down Amid “Devastating” Cyber Attack
Leytonstone School, situated in Waltham Forest, London, has forced to shut its doors due to a severe cyber attack on the school. The assault on the school's IT infrastructure has been described as "devastating", resulting in a significant quantity of private data...
Cheryl, Chisholm UK
Jordan was very prompt and very helpful. All issues were resolved, or progressed further, right away.
Steve Garbett, Jaxson Wolf
Very helpful, good staff. they do what they say they can do and on time. they also go the extra mile for the customer which is very refreshing.
The Willows School
Jordan always goes above and beyond no matter how crazy an idea we have or how quickly something needs doing.