How did 3CX customers become the target of a Cyber Attack?
In March of this year a large-scale complex cyber attack targeted 3CX, an industry leading popular provider of internet-enabled voice calls which we provide and support for many of our customers. To read more about the cyber attack click here.
Following the attack, Cyber Security firm Mandiant (owned by Google), investigated the incident and discovered it was the result of a rarely seen supply-chain attack, where hackers infiltrated a third party a vendor to then gain access to other targets. Interestingly, this particular attack was found to have originated from another previous supply-chain attack. This marks the first time Mandiant has seen one supply-chain attack lead to another. Notable examples of past supply-chain attacks include the 2021 SolarWinds breach and the Kaseya breach, which affected numerous organisations worldwide.
According to Mandiant, a 3CX employee unknowingly installed malware-infected software from a previous victim of a supply-chain attack, Trading Technologies. The malware granted the hackers high-level access to 3CX’s systems, enabling them to deploy further malware tools throughout the organisation, granting them access to the code for their customer desktop application. Mandiant concluded that a North Korean hacking group, referred to as UNC4736, was responsible for compromising both 3CX and Trading Technologies. This group has a history of targeting crypto currency companies, highlighting the increasing cyber threat capabilities of North Korean threat actors.
The extent of the damage from these supply-chain attacks still remains unclear, however 3CX has over 12 million daily users world wide, who could potentially be affected. Charles Carmakal, Chief Technology Officer at Mandiant, expressed concerns about the number of organisations that may have been compromised without realising it. He noted that it may take weeks or months for victims to discover they have been compromised. This incident demonstrates the potential reach of such compromises, as well as the creativity and sophistication of North Korean regime-backed hackers in distributing malware and conducting offensive operations.
One2Call have been working with all of our 3CX Customers to ensure that they are as secure as possible following the attack, we acted fast to inform our customers of the 3CX Security Breach and worked with businesses to ensure that they uninstalled the Desktop App & recommended that they did not re-install it until our following communications confirmed it was safe. All of our EDR (Endpoint Detection & Response) customers were protected against this Zero Day Cyber Attack, as EDR was able to detect the unusual and malicious activity on endpoints to immediately prevent it. In response to the increasing Cyber Security Threats that our customers face we have increased out minimum Cyber Security level for our IT Support and Cyber Security customers to ensure that all businesses have Endpoint Detection & Response as standard throughout their business. We also urge all other businesses throughout to invest in EDR. If you would like to find out more about Endpoint Detection & Response and how it can benefit your business, click the link below.
Latest News Stories
Pharmaceutical Companies Data Reportedly Stolen in Ransomware Attack
The Russia-linked ransomware group LockBit has claimed responsibility of a Cyber Attack which they launched on the Indian pharmaceutical company Granules India, as proof of the attack they have revealed segments of the supposedly stolen data. The presence of Granules...
Major Australian Law Firm Suffers Cyber Attack: Dark Web Leak Threatens Government Data
After a recent & significant escalation of cyber criminal activity in Australia, Russian-linked threat actors, known as the AlphV ransomware gang or "Blackcat", have targeted the major Australian law firm HWL Ebsworth. On the June 8th, the group claimed to have...
Details of 85 Million People Leaked: Turkish Government Site Hacked
The Turkish e-Devlet government services website has fallen victim to a significant hacking incident. The platform, which is the main public administration portal in Turkey, stores personal information including details about education, health, banking credentials,...
Our Customers
Testimonials
Jeanette, Principle Support Ltd
One2Call staff are very helpful and friendly and they do have a fast turnaround with our enquiries. Thank you very much.
Emily Laycock, CFS Formations
Very friendly and helpful over the telephone. Engineers worked fast to fix our issues.
Steve Garbett, Jaxson Wolf
Very helpful, good staff. they do what they say they can do and on time. they also go the extra mile for the customer which is very refreshing.