3CX Breach Was a Double Supply Chain Compromise | allinfosecnews.com

April 21, 2023, 1:05 a.m. | BrianKrebs

Krebs on Security krebsonsecurity.com

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

3cx accounts a little sunshine attack attacks breach clearsky security compromise cryptocurrency cyberpunk defense diamond sleet elastic security eset executive fake hackers intrusion job job offer kaspersky lab kim zetter latest warnings linkedin linux mac macos malware mandiant microsoft ne'er-do-well news nested north north korean north korean hackers novel offer people software spy supply supply chain supply chain attacks supply chain compromise targeting the coming storm trading technologies voip working x_trader zero-day zinc

More from krebsonsecurity.com / Krebs on Security

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years 1 day, 17 hours ago | krebsonsecurity.com

antii kurittu coldfusion botnet convicted hacking +15

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data 2 days, 9 hours ago | krebsonsecurity.com

access amp att carriers +25

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme 1 week, 2 days ago | krebsonsecurity.com

alexander kovalev a little sunshine artem zaitsev bribe +28

Who Stole 3.6M Tax Records from South Carolina? 2 weeks, 1 day ago | krebsonsecurity.com

account aleksandr ermakov associated press bank +34

Crickets from Chirp Systems in Smart Lock Key Leak 2 weeks, 2 days ago | krebsonsecurity.com

a little sunshine august.com can chirp systems +22

Why CISA is Warning CISOs About a Breach at Sisense 2 weeks, 6 days ago | krebsonsecurity.com

agency a little sunshine breach business +28

Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers 3 weeks ago | krebsonsecurity.com

april change com domain +15

April’s Patch Tuesday Brings Record Number of Fixes 3 weeks, 1 day ago | krebsonsecurity.com

adobe after effects april azure azure ai +38

Fake Lawsuit Threat Exposes Privnote Phishing Sites 3 weeks, 6 days ago | krebsonsecurity.com

alexandr ermakov a little sunshine andrey sokol breadcrumbs +26

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Senior Software Engineer, Security

@ Niantic | Zürich, Switzerland

View on infosec-jobs.com

Consultant expert en sécurité des systèmes industriels (H/F)

@ Devoteam | Levallois-Perret, France

View on infosec-jobs.com

Cybersecurity Analyst

@ Bally's | Providence, Rhode Island, United States

View on infosec-jobs.com

Digital Trust Cyber Defense Executive

@ KPMG India | Gurgaon, Haryana, India

View on infosec-jobs.com

Program Manager - Cybersecurity Assessment Services

@ TestPros | Remote (and DMV), DC

View on infosec-jobs.com