Suspected North Korean hackers infiltrated a software firm that claims hundreds of thousands of customers around the world in a cyberattack that shows Pyongyang’s advanced hacking capabilities, private investigators said Thursday.
The breach of the software firm 3CX, discovered last month, provided a potential foothold for the North Koreans into a huge swath of multinational firms – from hotel chains to health care providers – that use the firm’s software for voice and video calls.
The number of companies affected by the hack and what the hackers ultimately did with access to victim networks remain unclear. But it’s the latest evidence that North Korean hackers are pulling out all the stops to break into organizations to steal or spy on them in support of dictator Kim Jong Un’s strategic interests.
The hack shows “an increased level of cyber offensive capability by North Korean” operatives, said Charles Carmakal, chief technology officer at Mandiant Consulting, which 3CX hired to investigate the hack.
A recent CNN investigation found a rampant effort by North Korean hackers to steal cryptocurrency and launder it into hard cash that might help fund the regime’s weapon’s programs. Such North Korean cyber activity is part of regular intelligence products presented to senior US officials, sometimes including President Joe Biden, a senior US official previously told CNN.
In the case of 3CX, Mandiant said the hackers wormed their way into company’s software production environment by first compromising software made by another firm, derivatives trading platform Trading Technologies. A 3CX employee downloaded the now-defunct Trading Technologies software that the hackers had tampered with, according to Mandiant.
“This is the first time that we’ve ever found concrete evidence of a supply chain attack leading to another…
Read the full article here