Targeting of 3CXDesktopApp customers and crypto firms

Date of report

March 2023

Affiliations

Lazarus Group

Suspected members of the North Korean Lazarus Group targeted customers of the voice and video conferencing software 3CXDesktopApp in a financially motivated supply-chain attack during March 2023. The infected infrastructure was spread primarily across European countries, with additional victims in South Africa, the United Kingdom, and North America. In addition to being targeted with an info-stealer, some victims—most of whom were cryptocurrency firms in Brazil, France, Germany, and Italy—were also infected with a second-stage payload.

Suspected victims

Software company 3CX and users of its equipment

Suspected state sponsor

Korea (Democratic People's Republic of)

Type of incident

Espionage

Target category

Private sector

Victim government reaction

Unknown

Policy response

Unknown

CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events