8/14/2023 0 Comments Lazarus group bitcoin![]() The specific interest in cryptocurrency companies suggests that the hackers may have been looking to steal valuable assets such as digital currencies or sensitive financial information. Our investigation of the 3CX campaign is ongoing and we will continue analyzing the deployed implants to find out more details about the toolset used in the supply chain attack.” “We believe that Gopuram is the main implant and the final payload in the attack chain. Georgy Kucherin, a security expert at GReAT, Kaspersky, said: This indicated that the attackers behind this campaign were very precise in their targeting. However, the Gopuram backdoor was deployed to less than ten machines. Brazil, Germany, Italy, and France recorded the highest number of infestations. Kaspersky’s telemetry revealed that installations of the infected 3CX software were located all over the world. During this investigation, they discovered that Gopuram coexisted on victim machines with AppleJeus, another backdoor that has been associated with the Lazarus Group, the notorious hacker group based in North Korea. Three years ago, the cybersecurity firm investigated an infection of a cryptocurrency company located in Southeast Asia. Kaspersky’s previous investigations shed further light on the origins of the Gopuram backdoor. Interestingly, this was roughly a week before the 3CX supply chain attack was discovered. Kaspersky also opened a case linked to the Gopuram backdoor on 21 March. This DLL was linked to a backdoor known as “Gopuram,” which Kaspersky had been tracking since 2020. The North Korean group allegedly behind a hack which earlier this month targeted Atomic Wallet have now pocketed over 100 million in stolen crypto. Hackers target crypto firms with surgical precisionĪccording to the report, Kaspersky experts found a suspicious Dynamic Link Library (DLL) that was loaded into the infected 3CXDesktopApp.exe process on one of the machines they were monitoring. Kaspersky published its report on 3 April on the matter after analyzing available data and reviewing its own telemetry. The attack came to light on 29 March and reportedly affected cryptocurrency firms. Popular cybersecurity firm Kaspersky recently concluded an investigation into a supply chain attack on 3CX, a popular VoIP (Voice over Internet Protocol) software provider. The investigation revealed that North Korea’s Lazarus Group may have been behind the attack. ![]() ![]() ![]() Cybersecurity firm Kaspersky recently investigated a 3CX supply chain attack that targeted crypto firms. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |