Detection Of A Massive Cyber Attack Targeting The Supply Chains Of Major Companies

Researchers at several security companies said that hackers working on behalf of the North Korean government launched a large-scale attack on the supply chains of major global companies by compromising the 3CX desktop telephony (VoIP) application, which is widely used by large manufacturers of cars, clothing and food, including Mercedes, Toyota, Coca-Cola and McDonald's.

3CX has confirmed the attack. The attackers compromised the software build system used to create and distribute the Windows and Mac versions of the app, which let them hide malware inside otherwise genuine copies of the app that were digitally signed with the company's official code-signing key, so the tampered builds passed the signature checks that would normally catch a modified installer.

This type of attack is known as a "supply chain attack": rather than breaking into each target directly, the attackers compromise a vendor whose software or services are trusted by many downstream organizations, and ride that trust into every customer that installs the tainted product, gaining a foothold in, and potentially control of, highly sensitive systems.

The attack came to light late Wednesday, when security products from several vendors began flagging malicious activity originating from legitimate, signed copies of 3CX's desktop applications.

Initial analysis by security firm Symantec indicated that the compromised installers for Windows and macOS contained clean, fully functional versions of the application, so users had no reason to become suspicious. The attackers added their payload through a technique known as DLL sideloading, in which a trusted, signed executable loads a malicious library placed alongside it, so the malicious code runs inside a process that looks legitimate. The payload was encrypted and wrapped in additional defenses designed to hinder detection and analysis.

Experts recommend that organizations using 3CX immediately begin examining their network infrastructure and the hosts running the 3CX desktop app for signs of compromise.
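As an added illustration of the two points above (how DLL sideloading abuses a trusted executable, and what a first check on an installed application directory can look like), the following Python script is example code written for this page; it is not 3CX's code, not Symantec's analysis, and contains no indicators from the actual attack. It simulates the simplified Windows DLL search order (application directory before the system directories; the real order also involves SafeDllSearchMode and the KnownDLLs list, which are ignored here) and then flags imported DLLs that resolve from the application directory but either shadow a system DLL of the same name or fail to match a known-good hash manifest. The directory layout, DLL names (`codec.dll`, `ui.dll`, `version.dll`) and the manifest are constructed for the demo; on a real host the manifest would come from a clean install or the vendor, and an Authenticode signature check would complement the hash comparison.

```python
"""Added example: simplified DLL search order plus a sideloading check.

Not from the article or from 3CX. Everything under the temp directory is
constructed sample data; the hash manifest stands in for a vendor-provided
list of clean file hashes.
"""
import hashlib
import os
import tempfile


def resolve_dll(name, app_dir, system_dirs):
    """Return the path Windows would load for `name` under a simplified
    default search order: the executable's own directory first, then the
    system directories. This ordering is exactly what sideloading abuses."""
    for directory in [app_dir, *system_dirs]:
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate):
            return candidate
    return None


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_sideload_candidates(app_dir, imports, system_dirs, known_good):
    """Flag imported DLLs that would be loaded from the application directory
    and look wrong there. `known_good` maps DLL name -> expected SHA-256.
    Returns a list of (dll_name, reason) tuples."""
    findings = []
    for name in imports:
        loaded = resolve_dll(name, app_dir, system_dirs)
        if loaded is None or os.path.dirname(loaded) != app_dir:
            continue  # resolved from a system directory; not sideloaded here
        # A copy of a system DLL sitting next to the EXE is the classic
        # search-order hijack: it wins over the genuine one in System32.
        if any(os.path.isfile(os.path.join(d, name)) for d in system_dirs):
            findings.append((name, "shadows a system DLL of the same name"))
        expected = known_good.get(name)
        if expected is None:
            findings.append((name, "not in known-good manifest"))
        elif sha256_file(loaded) != expected:
            findings.append((name, "hash mismatch against known-good manifest"))
    return findings


def build_demo_layout():
    """Create a constructed install tree in a temp dir and return
    (app_dir, system_dir, imports, known_good). All contents are fake."""
    root = tempfile.mkdtemp(prefix="sideload_demo_")
    app_dir = os.path.join(root, "Program Files", "ExampleApp")
    sys_dir = os.path.join(root, "Windows", "System32")
    os.makedirs(app_dir)
    os.makedirs(sys_dir)
    clean_codec = b"MZ clean vendor codec library (constructed)"
    clean_ui = b"MZ clean vendor ui library (constructed)"
    files = {
        (app_dir, "app.exe"): b"MZ trusted signed launcher (constructed)",
        (app_dir, "ui.dll"): clean_ui,  # untouched vendor file
        (app_dir, "codec.dll"): b"MZ TROJANIZED codec with loader stub (constructed)",
        (app_dir, "version.dll"): b"MZ planted copy of a system DLL (constructed)",
        (sys_dir, "version.dll"): b"MZ genuine system version.dll (constructed)",
        (sys_dir, "kernel32.dll"): b"MZ genuine kernel32 (constructed)",
    }
    for (directory, filename), data in files.items():
        with open(os.path.join(directory, filename), "wb") as handle:
            handle.write(data)
    # Manifest of the clean build: only the vendor's own DLLs are listed.
    known_good = {
        "ui.dll": hashlib.sha256(clean_ui).hexdigest(),
        "codec.dll": hashlib.sha256(clean_codec).hexdigest(),
    }
    imports = ["ui.dll", "codec.dll", "version.dll", "kernel32.dll"]
    return app_dir, sys_dir, imports, known_good


def run_demo():
    """Build the sample tree and return the findings for it."""
    app_dir, sys_dir, imports, known_good = build_demo_layout()
    return find_sideload_candidates(app_dir, imports, [sys_dir], known_good)


if __name__ == "__main__":
    for dll, reason in run_demo():
        print(f"{dll}: {reason}")
```

Two of the four imports come back flagged: `codec.dll` because its hash no longer matches the clean build (the trojanized-dependency pattern the article describes), and `version.dll` because an application-directory copy shadows the system one. `ui.dll` matches the manifest and `kernel32.dll` never resolves from the application directory, so neither is reported. The same structure scales to a real hunt by replacing the constructed manifest with the vendor's published hashes and walking each host's install directory.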

It has not yet been disclosed which companies were affected or the extent of the damage they suffered.

The incident is reminiscent of the attack discovered in December 2020 against users of the SolarWinds network management software, which hit US companies and government institutions, including the Federal Aviation Administration, NASA, Microsoft, and departments such as Justice, Commerce and Homeland Security. In that case the hackers likewise compromised SolarWinds' software build system and used it to push a malicious update to approximately 18,000 customers.

The United States accused Russia of being behind that attack, the largest cyber-espionage campaign against the United States to date. The White House responded by expelling Russian diplomats from Washington, D.C., and imposing a set of new sanctions on Russian individuals and entities.
