Global cybersecurity firm Mandiant revealed on the 20th local time that the hacking of the enterprise voice and video calling program ‘3CX,’ suspected to be the work of a North Korean hacking group, appears to have started from malware that had already infiltrated other software.
Mandiant announced the results of its investigation into the 3CX hacking on the same day, stating that this was the first confirmed case of one software supply chain hacking leading to another software supply chain hacking.
Security companies including Mandiant had previously reported that ‘UNC4736,’ suspected to be a North Korean hacking group, hacked ‘3CX’ last month, raising concerns about large-scale damage. 3CX is an enterprise voice and video calling program with over 12 million users as of the 1st.
According to the Cybersecurity and Infrastructure Security Agency (CISA) under the U.S. Department of Homeland Security, ‘UNC4736’ is believed to be related to North Korea’s ‘AppleJeus’ malware, which is aimed at financial theft. This malware is known to be a fake cryptocurrency app used to steal cryptocurrencies.
Mandiant confirmed that the initial intrusion vector for ‘3CX’ was a version of the package (ExTrader) provided by the software company ‘Trading Technologies’ to which malware had been added.
Mandiant estimated that in April 2022, 3CX downloaded a malicious software installer from the ‘Trading Technologies’ website, which was believed to have already been hacked by a North Korean organization at that time.
Furthermore, based on technical indicators of the payload (transmitted data), Mandiant stated that the software supply chain hacking of both Trading Technologies and 3CX appears to be the work of the same North Korean group, UNC4736.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
