UPDATE: Mandiant Initial Analysis of 3CXDesktopApp Supply Chain Attack Confirms North Korean Threat Actor

Context On April 11, 2023, 3CX released the initial results of Mandiant’s incident response and investigation into the supply chain attack that compromised 3CXDesktopApp. According to the report, the activity is attributable to the North Korean threat group UNC4736. Technical Details According to Mandiant: “the attacker infected targeted 3CX systems with TAXHAUL (AKA “TxRLoader”) malware….

Read More

Ongoing Campaign Hijacking 3CXDesktopApp to Deliver Infostealer

Context On March 29, 2023, multiple cybersecurity firms began reporting that 3CXDesktopApp, a Voice Over Internet Protocol (VOIP) Private Automatic Branch Exchange (PABX) enterprise call routing software, is currently compromised in a supply chain attack. Multiple investigations have reported that an unknown threat actor has trojanized installers for 3CXDesktopApp, to install an information stealing malware….

Read More

FBI IC3 2022 Internet Crime Report Identifies Key BEC and Ransomware Trends

Context On March 27, 2023, the Federal Investigation Bureau released the IC3 2022 Internet Crime Report. The report covers major trends found across complaints investigated by the IC3, which the FBI defines as “an intelligence-driven and threat focused national security organization with both intelligence and law enforcement responsibilities.” Key Takeaways According to the report key…

Read More

Understanding the Business Impact of Bots

Digital transformation efforts continue to accelerate and are pivotal for industries to sustain business and ensure growth. The major challenge is securing applications against malicious bots. Marshalling the resources to achieve this requires explaining the quantitative and qualitative impacts bots have on your business in terms your board and C-Suite will understand. As a business…

Read More

Social Engineering Scams Targeting Fashion and Brand Influencers Increasing in Prevalence and Sophistication

Context During the second half of 2022, multiple RH-ISAC member analysts reported observing increases in fraud and phishing activity targeting popular social media figures and user-generated content (UGC) creators (i.e. “influencers”) leveraging member brand names as part of the scams. The fraud activity spikes observed in the past few months have been both prolific and…

Read More