Ishan Girdhar

Cyber, (Mis)adventures #1 April 2023 Edition

Ishan Girdhar 1 min read
Cyber, (Mis)adventures #1 April 2023 Edition
Table of Contents

Project 2: 🤯 Cyber, (Mis)adventures.

Read more about this project here.

If there is one thing you need to remember about April 2023, then it's

3CX Double Supply Chain Compromise

It's important because this double supply chain is the first ever to be seen.
The double supply chain compromise led to malware being pushed out to some 3CX customers.
  • The telephony company 3CX was recently compromised by North Korean state-sponsored hackers after a 3CX employee downloaded infected software from the website of Trading Technologies, a trading software company.
  • Trading Technologies was previously compromised by the same group, which embedded malware in one of its programs before posting it to its website, where it remained for nearly a year.
  • The daisy-chain nature of the breach makes it possible for attackers to conduct threaded supply-chain hacks that lead to a compromise of another software maker and their customers. Although Trading Technologies had discontinued the product in April 2020, the X_Trader software remained available for download when the 3CX employee downloaded and installed it on his personal computer, leading to the breach.

    Read this great article written by Zero Day Newsletter by Kim Zetter
Share

Ishan Girdhar

I operate at the intersection of Information & Cyber Security, Privacy, Leadership, & Systems Thinking. 18+ hours of reading & analysis distilled into a 10-Minute Summary Bi-weekly.

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Ishan Girdhar.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.

Mastodon