A supply chain attack installed a backdoor in computers around the world but has only been deployed in fewer than ten computers, cybersecurity company Kaspersky has reported. The deployments showed a particular interest in cyptocurrency companies, it added.\u00a0<\/p>\n
Cybersecurity company Crowdstrike reported on March 29 that it has identified malicious activity on the 3CX softphone app 3CXDesktopApp. The app is marketed to corporate clients. The malicious activity detected included \u201cbeaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity.\u201d <\/p>\n
Kaspersky\u00a0said it suspected the involvement of the North Korea-linked threat actor Labyrinth Chollima. 3CX said of the infection:<\/p>\n
\u201cThis appears to have been a targeted attack from an Advanced Persistent Threat, perhaps even state sponsored, that ran a complex supply chain attack and picked who would be downloading the next stages of their malware.\u201d<\/p><\/blockquote>\n
Kaspersky was already investigating a dynamic link library (DLL) found in one of the infected 3CXDesktopApp .exe file, it said. The DLL in question had been used to deliver the Gopuram backdoor, although it was not the only malicious payload deployed in the attack. Gopuram has been found to coexist with the AppleJeus backdoor attributed to the North Korean Lazarus group, Kaspersky added. <\/p>\n