3CX Supply Chain Attack: 8 Biggest Things To Know
We break down what you need to know about the compromise of widely used phone system software from 3CX, which is being likened to the attacks on SolarWinds and Kaseya.
Who Is Behind The Attack?
Currently, the consensus in the security community is that hackers working for North Korea’s government were behind the 3CX attack. CrowdStrike has attributed the attack to a North Korea-affiliated group that it calls Labyrinth Chollima, Meyers said. That attribution is based on the use of certain technology, infrastructure, installation techniques and command-and-control techniques previously associated with the group, according to Meyers.
The evidence pointing to North Korea is significant because “you don’t typically hear about [the country] in the same breath as supply chain attacks,” Meyers said. Still, while many tend to write off North Korea as a threat due to its stature overall, “North Korea is extremely confident and capable” when it comes to malicious cyber activity, he said. “The reality is that they’ve been looking at cyber capabilities since the ’90s,” he said. “They train and recruit down to the middle school level inside of North Korea. They are very capable threat actors, who also engage in revenue generation for the regime to pay for missiles and nuclear testing and things like that, because they’ve been cut off from the broader global economy. And so they have to find other ways to be able to do that.”