The Secureworks® Threat Intelligence Executive Report (Volume 2023, Number 3) explains that the 3CX supply chain attack exposes increased complexity in assessing supply chain risks. This incident, discovered in March 2023, is notable as the first example of a “double supply chain” attack. The initial compromise began when a 3CX employee downloaded a malicious installer for the X_TRADER software from Trading Technologies, which had itself been previously compromised by North Korean state-sponsored actors. This allowed attackers to access 3CX’s software development systems and infect multiple versions of 3CX’s softphone application, which is used by over 600,000 organizations globally.

Join for free to read