Disclosures:
Professional Reviews

The reviews found on GuideHaven consist of evaluations conducted by community reviewers. These assessments take into account the reviewers’ unbiased and knowledgeable analysis of the products and services being reviewed.

Ownership

GuideHaven is a leading cybersecurity review website with a team of experts experienced in testing and evaluating VPNs, antiviruses, password managers, parental controls, and software tools. Our reviews are available in 29 languages, making them accessible to a broad audience since 2018. To further support our readers in their pursuit of online security, we’ve partnered with Kape Technologies PLC, which owns popular products like ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, all of which may be reviewed on our website.

Affiliate Commissions

GuideHaven contains reviews that follow the strict reviewing standards, including ethical standards, that we have adopted. Such standards require that each review will take into consideration the independent, honest, and professional examination of the reviewer. That being said, we may earn a commission when a user completes an action using our links, at no additional cost to them. On listicle pages, we rank vendors based on a system that prioritizes the reviewer’s examination of each service, but also considers feedback received from our readers and our commercial agreements with providers.

Review Guidelines

The reviews published on GuideHaven are written by community reviewers that examine the products according to our strict reviewing standards. Such standards ensure that each review prioritizes the independent, professional, and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings we publish may also take into consideration the affiliate commissions we earn for purchases through links on our website.

News Heading

Supply Chain Attack Blamed for Triggering 3CX Breach, Thousands of User Accounts Compromised

Ari Denial
Published by Ari Denial on April 20, 2024

According to cybersecurity company Mandiant, the recent 3CX supply chain attack, which involved the abuse of popular voice-over-internet-protocol (VOIP) software, was triggered by an earlier supply chain attack against Trading Technologies’ futures trading software.

The researchers suspect that the attackers distributed malware through Trading Technologies’ software to pave the way for the 3CX attack. The initial attack allowed the perpetrators to spread a malicious payload through 3CX and compromise thousands of user accounts.

Mandiant assisted 3CX in its investigation of the recent supply chain attack, has revealed that the malicious installer for Trading Technologies’ X_TRADER software was responsible for deploying a multi-stage modular backdoor named VEILEDSIGNAL.

The backdoor was designed to execute shellcode, inject a communication module into web browsers like Chrome, Firefox, or Edge, and terminate itself. Mandiant discovered that the attackers, tracked as UNC4736, stole corporate credentials from an employee’s personal computer and used them to move laterally through 3CX’s network, eventually breaching both the Windows and macOS build environments.

The attackers then deployed the TAXHAUL launcher and COLDCAT downloader on the Windows build environment, which persisted through DLL hijacking for the IKEEXT service and ran with LocalSystem privileges.

The cybersecurity firm has revealed that the macOS build server was compromised with the POOLRAT backdoor, which used LaunchDaemons as a persistence mechanism, and achieved persistence through DLL side-loading. The malware granted attackers remote access to all compromised devices over the internet. Mandiant has also associated UNC4736 with two clusters of APT43 suspected malicious activity, UNC3782 and UNC4469.

3CX Phone System, which has over 12 million daily users and is used by more than 600,000 businesses globally, including high-profile organizations such as McDonald’s, Coca-Cola, and American Express was compromised in a supply chain attack, according to Mandiant.

The cybersecurity firm said this was the first software supply chain compromise to have led to another software supply chain compromise, demonstrating the potential reach of this type of attack, especially when a threat actor can chain intrusions as demonstrated in this investigation.

Did you like this article? Rate it!
 
 
 
 
 
I hated it I don’t really like it It was ok Pretty good! Loved it!
0 Voted by 0 users
Title
Comment
Thanks for your feedback