How did 3CX customers become the target of a Cyber Attack?
In March of this year a large-scale complex cyber attack targeted 3CX, an industry leading popular provider of internet-enabled voice calls which we provide and support for many of our customers. To read more about the cyber attack click here.
Following the attack, Cyber Security firm Mandiant (owned by Google), investigated the incident and discovered it was the result of a rarely seen supply-chain attack, where hackers infiltrated a third party a vendor to then gain access to other targets. Interestingly, this particular attack was found to have originated from another previous supply-chain attack. This marks the first time Mandiant has seen one supply-chain attack lead to another. Notable examples of past supply-chain attacks include the 2021 SolarWinds breach and the Kaseya breach, which affected numerous organisations worldwide.
According to Mandiant, a 3CX employee unknowingly installed malware-infected software from a previous victim of a supply-chain attack, Trading Technologies. The malware granted the hackers high-level access to 3CX’s systems, enabling them to deploy further malware tools throughout the organisation, granting them access to the code for their customer desktop application. Mandiant concluded that a North Korean hacking group, referred to as UNC4736, was responsible for compromising both 3CX and Trading Technologies. This group has a history of targeting crypto currency companies, highlighting the increasing cyber threat capabilities of North Korean threat actors.
The extent of the damage from these supply-chain attacks still remains unclear, however 3CX has over 12 million daily users world wide, who could potentially be affected. Charles Carmakal, Chief Technology Officer at Mandiant, expressed concerns about the number of organisations that may have been compromised without realising it. He noted that it may take weeks or months for victims to discover they have been compromised. This incident demonstrates the potential reach of such compromises, as well as the creativity and sophistication of North Korean regime-backed hackers in distributing malware and conducting offensive operations.
One2Call have been working with all of our 3CX Customers to ensure that they are as secure as possible following the attack, we acted fast to inform our customers of the 3CX Security Breach and worked with businesses to ensure that they uninstalled the Desktop App & recommended that they did not re-install it until our following communications confirmed it was safe. All of our EDR (Endpoint Detection & Response) customers were protected against this Zero Day Cyber Attack, as EDR was able to detect the unusual and malicious activity on endpoints to immediately prevent it. In response to the increasing Cyber Security Threats that our customers face we have increased out minimum Cyber Security level for our IT Support and Cyber Security customers to ensure that all businesses have Endpoint Detection & Response as standard throughout their business. We also urge all other businesses throughout to invest in EDR. If you would like to find out more about Endpoint Detection & Response and how it can benefit your business, click the link below.
Latest News Stories
Patient Images from Plastic Surgery Clinic threatened to be leaked on Dark Web
The BlackCat cyber crime syndicate, also known as ALPHV, has issued a threatening announcement regarding the release of sensitive patient images purportedly stolen from a Beverly Hills plastic surgery clinic. The controversial statement was published on the dark web...
Ransomware Attacks and their impact on the Healthcare System
In the autumn of 2021, the staff at Johnson Memorial Health in Franklin, Indiana, were looking forward to a respite from the recent surge of COVID-19 hospitalisations brought on by the delta variant. However, their hopes were dashed on October 1st, at 3 a.m. a...
Law firm Bryan Cave Leighton Paisner Victim of Major Cyber Attack
Law firm Bryan Cave Leighton Paisner (BCLP) has reported a significant cyber attack. In the attack, the sensitive data of more than 50,000 current and former employees of snack food conglomerate Mondelēz International was exposed. Mondelēz International, known for...
Our Customers
Testimonials
Harry Lynford, Image Data
Great service and very helpful.
Steve Garbett, Jaxson Wolf
Very helpful, good staff. they do what they say they can do and on time. they also go the extra mile for the customer which is very refreshing.
Pete Richardson, DALP
Always provide very prompt support. Excellent.