Skip to main content

STATE ACTOR: North Korean-linked attack on EU & US - Symantec | Iain Fraser Cybersecurity Journalist

STATE ACTOR: North Korean-linked attack on EU & US - Symantec | Iain Fraser Cybersecurity Journalist

24th April 2023

A North Korean-linked operation affected more organizations beyond 3CX, including two critical infrastructure organizations in the energy sector.

The X_Trader software supply chain attack affected more organizations than 3CX. Initial investigation by Symantec’s Threat Hunter Team has, to date, found that among the victims are two critical infrastructure organizations in the energy sector, one in the U.S. and the other in Europe. In addition to this, two other organizations involved in financial trading were also breached.

As reported yesterday by Mandiant, Trojanized X_Trader software was the cause of the 3CX breach, which was uncovered last month. As a result of this breach, 3CX’s software was compromised, with many customers inadvertently downloading malicious versions of the company’s voice and video calling software DesktopApp. In addition to wider victims, Symantec has also discovered additional indicators of compromise, listed below.

It appears likely that the X_Trader supply chain attack is financially motivated, since Trading Technologies, the developer of X_Trader, facilitates futures trading, including energy futures. Nevertheless, the compromise of critical infrastructure targets is a source of concern. North Korean-sponsored actors are known to engage in both espionage and financially motivated attacks and it cannot be ruled out that strategically important organizations breached during a financial campaign are targeted for further exploitation. Learn More /...

About Symantec/Broadcom

Broadcom Inc. is a global infrastructure technology leader built on 50 years of innovation, collaboration and engineering excellence. With roots based in the rich technical heritage of AT&T/Bell Labs, Lucent and Hewlett-Packard/Agilent, Broadcom focuses on technologies that connect our world. Through the combination of industry leaders Broadcom, LSI, Broadcom Corporation, Brocade, CA Technologies and Symantec, the company has the size, scope and engineering talent to lead the industry into the future. Learn More /...

Cybersecurity Journalist
Image Credit: Shafquat Towheed



Labels:
Location: Gibraltar

Comments

Post a Comment

Popular posts from this blog

CYBER BREACH: Data Breach Exposed Thousands of Pet Medical Records Including Owner Information

Tuesday, 5th December 2023 CYBER BREACH: Data Breach Exposed Thousands of Pet Medical Records Including Owner Information By Jeremiah Fowler - Website Planet  Syndicated By IainFraser.net/CYBER_Voice Daily Cyber Insights  Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet about a non-password protected database that contained over 56,000 records, including pet medical reports, DNA tests, pedigree history and other potentially sensitive information. As a long-time cyber security researcher, this is one of the most interesting discoveries I have ever encountered and a first for me.  I recently discovered a non-password protected database that contained records of thousands of dogs from around the world and included the information of their human owners. The publicly exposed cloud storage database contained a total of 56,624 documents in .PDF, .png, and .jpg formats with a total size of 25 GB. Upon further investigation, the database appeared...
Post a Comment
Learn More »

EUROPOL: International operation closes down Piilopuoti dark web marketplace

EUROPOL: International operation closes down Piilopuoti dark web marketplace  Syndicated By: Iain Fraser Cybersecurity Journalist Gibraltar - PRWire Channel IainFraser.net/PRWire Thursday 21st September 2023 In a significant victory against dark web criminals, the Finnish Customs (Tulli), together with European partners, has successfully taken down the dark web marketplace ‘Piilopuoti’.  Drugs and other illegal commodities were sold in large quantities on this Finnish-language platform which had been operating on the Onion Router (Tor) network since May 2022.  This successful action by the Finnish Customs was supported, among others, by the German Federal Criminal Office (Bundeskriminalamt) and the Lithuanian Criminal Police Bureau (Lietuvos kriminalinÄ—s policijos biuras). Europol’s European Cybercrime Centre coordinated the international activity and provided operational support and technical expertise.  The investigation is still ongoing as law enforcement worldwi...
Post a Comment
Learn More »

CYBER THREAT INTEL: AI - UK & US Spooks publish AI Development Guidance

Tuesday, 28th November 2023 CYBER THREAT INTEL: AI - UK & US Spooks publish AI Development Guidance Posted by: Iain Fraser - Cybersecurity Journalist Gibraltar via IainFraser.net/ Daily Cyber Insights CYBER THREAT INTEL: AI - UK & US Spooks publish AI Development Guidance The UK NCSC & US CISA have joint-published what they term as "security-focused guidance" for AI & ML developers and those who leverage AI/ML with their protocols and systems.  The Publication of Guidelines for Secure AI System Development (PDF),  apply to all types of AI/ML systems, regardless of whether built from wireframe up or added as a bolt-on on third-party resources, to address issues related to AI, cybersecurity, and critical infrastructure. Devised to be used in conjunction with existing Cybersecurity, Incident Response and Cyber Risk-Management protocols. The NCSC and CISA have said “Providers should implement security controls and mitigations where possible within their mode...
Post a Comment
Learn More »