Corporate Communication Program '3CX' Hacked
North Korean Hacker Group Identified as Attacker
North Korea is reported to have hacked the enterprise voice and video calling program ‘3CX,’ which is used by 12 million people daily.
On the 1st, the US-based Radio Free Asia (RFA) reported, “After analyzing the hacking method used to attack 3CX, the US cybersecurity firm CrowdStrike identified the attacker as ‘Labyrinth Chollima,’ a hacker group under North Korea’s Reconnaissance General Bureau affiliated with Lazarus.”
The ‘3CX’ homepage lists over 600,000 organizations across 190 countries as clients, including Coca-Cola, McDonald’s, Mercedes-Benz, Toyota, BMW, Honda, Air France, Pizza Hut, the UK National Health Service (NHS), and Holiday Inn Express. The daily user count exceeds 12 million.
US security firm Volexity diagnosed that “the attacker may have accessed 3CX’s servers at least since before November last year.” This means that the installation program for 3CX was already embedded with malware before being provided to customers.
The malware they used collects system information and steals records, IDs, and passwords stored in web browsers such as Google Chrome. Moreover, it is feared that it could cause significant damage by monitoring corporate communication networks and collecting and retransmitting internal conversations and communications.
Currently, North Korea has about 7,000 cyber agents. These agents are usually selected from elementary and middle schools and trained as cyber agents at universities or operational institutions. After their 20s, they are reportedly dispatched to overseas bases disguised as trading companies to conduct cyberterrorism and confidential information gathering operations.
The United Nations and others report that North Korea earns funds necessary for nuclear and missile development through illegal cyber activities such as hacking and virtual asset theft, while also actively collecting information from governments and companies worldwide.
They are known to impersonate reporters from Voice of America (VOA) and KBS to gain online access to major institutions in the US and South Korea. Recently, a North Korean cyber attacker who infiltrated IT companies in the US and Japan as a technician by falsifying nationality was caught through local police investigations.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
