How did 3CX customers become the target of a Cyber Attack?

In March of this year a large-scale complex cyber attack targeted 3CX, an industry leading popular provider of internet-enabled voice calls which we provide and support for many of our customers. To read more about the cyber attack click here.

Following the attack, Cyber Security firm Mandiant (owned by Google), investigated the incident and discovered it was the result of a rarely seen supply-chain attack, where hackers infiltrated a third party a vendor to then gain access to other targets. Interestingly, this particular attack was found to have originated from another previous supply-chain attack. This marks the first time Mandiant has seen one supply-chain attack lead to another. Notable examples of past supply-chain attacks include the 2021 SolarWinds breach and the Kaseya breach, which affected numerous organisations worldwide.

According to Mandiant, a 3CX employee unknowingly installed malware-infected software from a previous victim of a supply-chain attack, Trading Technologies. The malware granted the hackers high-level access to 3CX’s systems, enabling them to deploy further malware tools throughout the organisation, granting them access to the code for their customer desktop application. Mandiant concluded that a North Korean hacking group, referred to as UNC4736, was responsible for compromising both 3CX and Trading Technologies. This group has a history of targeting crypto currency companies, highlighting the increasing cyber threat capabilities of North Korean threat actors.

The extent of the damage from these supply-chain attacks still remains unclear, however 3CX has over 12 million daily users world wide, who could potentially be affected. Charles Carmakal, Chief Technology Officer at Mandiant, expressed concerns about the number of organisations that may have been compromised without realising it. He noted that it may take weeks or months for victims to discover they have been compromised. This incident demonstrates the potential reach of such compromises, as well as the creativity and sophistication of North Korean regime-backed hackers in distributing malware and conducting offensive operations.

One2Call have been working with all of our 3CX Customers to ensure that they are as secure as possible following the attack, we acted fast to inform our customers of the 3CX Security Breach and worked with businesses to ensure that they uninstalled the Desktop App & recommended that they did not re-install it until our following communications confirmed it was safe. All of our EDR (Endpoint Detection & Response) customers were protected against this Zero Day Cyber Attack, as EDR was able to detect the unusual and malicious activity on endpoints to immediately prevent it. In response to the increasing Cyber Security Threats that our customers face we have increased out minimum Cyber Security level for our IT Support and Cyber Security customers to ensure that all businesses have Endpoint Detection & Response as standard throughout their business. We also urge all other businesses throughout to invest in EDR. If you would like to find out more about Endpoint Detection & Response and how it can benefit your business, click the link below.

Latest News Stories