A cyber-attack with possible links to North Korea attempted to install information-stealing malware inside more than 1,000 corporate networks in a bid to steal credentials and other information, according to an analysis published March 29, reports CyberScoop.
Researchers with cybersecurity firm SentinelOne’s SentinelLabs team traced illicit activity flagged by its detection systems back to the installation software from a company called 3CX, which, according to its website, provides video conferencing and online communication products to companies such as Toyota, McDonalds, Pepsi and Chevron. In total, the company says it serves some 12 million customers globally.
This sort of large-scale attack takes advantage of a company’s supply chain to install backdoors inside its customers’ networks. It can be difficult to defend against, and could lead to devastating consequences for victims. It’s also the kind of operation that is typically associated with a nation-state hacking group.
SentinelLabs, the research arm at SentinelOne, has not attributed the attack it is calling “SmoothOperator” to any particular hacking group. But researchers at the cybersecurity firm CrowdStrike said in a blog post March 29 that the attacks are likely the work of a group it calls “Labyrinth Chollima,” its name for one of the most prolific North Korean hacking units.
That group is known more widely in the cybersecurity industry as part of the “Lazarus Group,” which the U.S. government has linked to North Korean-directed malicious cyber activity.