A supply chain attack installed a backdoor in computers around the world but has only been deployed in fewer than ten computers, cybersecurity company Kaspersky hasCybersecurity company Crowdstrike reported on March 29 that it has identified malicious activity on the 3CX softphone app 3CXDesktopApp. The app is marketed to corporate clients.
“This appears to have been a targeted attack from an Advanced Persistent Threat, perhaps even state sponsored, that ran a complex supply chain attack and picked who would be downloading the next stages of their malware.” Kaspersky was already investigating a dynamic link library found in one of the infected 3CXDesktopApp .exe file, it said. The DLL in question had been used to deliver the Gopuram backdoor, although it was not the only malicious payload deployed in the attack. Gopuram has been found to coexist with the AppleJeus backdoor attributed to the North Korean Lazarus group, Kaspersky added.
Life without parole for these hackers.