N. Korea uses upgraded backdoor scheme to attack US video-conferencing firm 3CX

2023. 4. 20. 21:49

South Korean army soldiers stand guard at a military post at the Imjingak Pavilion in Paju, South Korea, near the border with North Korea, Thursday, April 13, 2023. (AP)

North Korea has used its upgraded skills to stage a backdoor attack against the network of US virtual phone service company 3CX last month, Mandiant, Google's cybersecurity unit, said Thursday.

3CX, which provides online voice, video conferencing and messaging services for businesses, found that its network had been compromised by information-stealing malware planted by a hacker cluster tracked as UNC4736. The cluster is believed to be a Lazarus sub-group dubbed Labyrinth Chollima; Lazarus is one of the North Korean government-run covert operations organizations.

"We believe a North Korean nexus threat actor, who we are calling UNC4736, was behind this attack," Charles Carmakal, consulting chief technology officer at Mandiant, said at an online media briefing.

He said Mandiant, which worked with 3CX to investigate the massive breach, discovered that the hackers had not attacked the company's network directly. Instead, they had planted the malware in a separate software package, X Trader, a US financial trading application, which led to the malicious code being carried into the 3CX network through a 3CX employee's personal computer.

"What happened was an employee of 3CX installed the X Trader software on his personal computer, and it ended up deploying a backdoor on his personal computer, because the X Trader software was laced with malware that we call a veiled signal."

The Mandiant official said the method employed in the attack was more advanced and sophisticated than the schemes North Korea had previously used in its cybercrimes.

"This is very notable to Mandiant because this is the first time that we've ever observed a software supply chain attack lead to another software supply chain attack," he said. "A North Korean threat actor really stepped up their skill and their sophistication, such that they're able to conduct a cascading software supply chain attack."

The company also said North Korea's latest attack against 3CX is targeting cryptocurrency, widely believed to be a source of funding for the reclusive country's nuclear program.

"I think this is likely financially motivated as sort of an end goal, but this targeting also appears to be somewhat opportunistic in terms of the software supply chain," said Ben Read, head of cyber espionage analysis at Mandiant. "This backdoor would allow the North Korean actors in this case to gather some rudimentary information about the server and, sort of more importantly, pull down additional malware to enable more functionality and spread throughout the network." (Yonhap)

Copyright © The Korea Herald. Unauthorized reproduction and redistribution prohibited.
