The hackers behind the recent large-scale supply chain attacks on VoIP provider 3CX are now specifically targeting cryptocurrency companies in an attempt to empty their wallets, researchers have warned.

By distributing a trojanized version of the VoIP software, the attackers managed to infiltrate dozens of companies and deploy various second-stage malware on their endpoints.

Now, cybersecurity researchers from Kaspersky have found that the attackers also targeted, with high precision, no more than a dozen companies with a previously unseen backdoor called Gopuram.

Modular backdoor

BleepingComputer describes Gopuram as a modular backdoor capable of timestomping to evade detection, payload injection into already running processes, loading unsigned Windows drivers using the open-source Kernel Driver Utility, and more.

In fact, it was the use of Gopuram that led Kaspersky to attribute the entire operation to North Korea’s Lazarus Group.

“The discovery of the new Gopuram infections allowed us to attribute the 3CX campaign to the Lazarus threat actor with medium to high confidence. We believe that Gopuram is the main implant and the final payload in the attack chain,” Kaspersky researchers said.

Lazarus targeted fewer than ten machines with this backdoor, all of them belonging to crypto firms, the researchers said. The motivation is most likely financial, they suggest.

“As for the victims in our telemetry, installations of the infected 3CX software are located all over the world, with the highest infection figures observed in Brazil, Germany, Italy and France,” the report reads. “As the Gopuram backdoor has been deployed to less than ten infected machines, it indicates that attackers used Gopuram with surgical precision. We additionally observed that the attackers have a specific interest in cryptocurrency companies.”

3CX has more than 12 million daily users, with products used by more than 600,000 companies worldwide. Its customer list includes high-profile companies and organizations like American Express, Coca-Cola, McDonald’s, Air France, IKEA, the UK’s National Health Service, and multiple automakers, including BMW, Honda, Toyota, and Mercedes-Benz.

Via: BleepingComputer
