A North Korea-linked group, Labyrinth Chollima, conducted a targeted supply chain attack on the 3CX softphone app, with malicious activity identified in the 3CXDesktopApp application. Kaspersky found a backdoor, Gopuram, which has been deployed on fewer than ten computers, mostly at cryptocurrency firms. CrowdStrike reported hands-on-keyboard activity.
The backdoored 3CX software has been detected worldwide, with Brazil, Germany, Italy, and France showing the highest infection rates. According to 3CX, the attack was targeted and potentially the work of a state-sponsored advanced persistent threat (APT).