Supply chain cyberattack with possible links to North Korea could have thousands of victims globally

Hackers modified an enterprise communication company’s installation software in an attack that could steal credentials and other information from companies around the world, according to an analysis published Wednesday.


Researchers with cybersecurity firm SentinelOne’s SentinelLabs team traced illicit activity flagged by its detection systems back to the installation software from a company called 3CX, which according to its website provides video conferencing and online communication products to companies such as Toyota, McDonald’s, Pepsi and Chevron. In total, the company says it serves some 12 million customers globally.


This sort of large-scale attack that takes advantage of a company’s supply chain — similar to how attackers leveraged a flaw within a SolarWinds product update to install backdoors inside its customers’ networks — can be difficult to defend against and could lead to devastating consequences for victims. It’s also the kind of operation that is typically associated with a nation-state hacking group.


“This is an op that has been going on for a while,” said Juan Andrés Guerrero-Saade, senior director of SentinelLabs, noting that a GitHub repository associated with the campaign dates back to early December. Other infrastructure associated with the campaign dates back as far as February 2022. He added that early indications suggest “at least attempted victims upwards of 1,000 organizations, which means that it’s got to be a much larger number beyond our visibility.”




The campaign could be seen as an “enabler operation,” Guerrero-Saade added, noting that the attackers are infecting many enterprises, stealing credentials and other information, “and then figure ..
