North Korean Hackers Target Cryptocurrency Companies in Supply Chain Attack

…Researched and contributed by Henry George.

North Korean hackers are believed to have used their software supply chain attacks as a means to steal cryptocurrency, according to cybersecurity firm Mandiant.

The company suggests that one of the motivations behind the group’s attacks was monetization, pointing to AppleJeus, a piece of malware connected to the same hackers that targeted cryptocurrency services via a Google Chrome vulnerability.

The same backdoor in 3CX’s software was also inserted into another cryptocurrency app, CoinGoTrade, and was found to share infrastructure with another backdoored trading app, JMT Trading.

Mandiant’s head of cyberespionage threat intelligence, Ben Read, claims that the supply chain attack used to compromise 3CX’s software was designed to “get you in places where people are handling money”.

While Mandiant believes that the North Korean hackers’ crypto-focused targets are just the tip of the iceberg, researchers have long suspected that other software supply chain attacks may have been interlinked in similar ways.

There have been six known attacks by the Chinese group known as Winnti or Brass Typhoon from 2016 to 2019, with some of these potentially related to earlier supply chain attacks.

Mandiant also suggests that Russian hackers behind the SolarWinds supply chain attack were potentially planning a follow-on attack when they were disrupted.

Mandiant’s findings show how hackers capable of carrying out a supply chain attack are able to cast a wide net that pulls in a variety of victims, including software developers.

While 3CX appears to be the first company hit with this type of supply-chain chain reaction, chances are that it will not be the last.
