At a glance.
- 3CX is not the only victim in the recent supply chain attack.
- PaperCut critical vulnerability under active exploitation, as are Google and MinIO vulnerabilities.
- Bumblebee malware loader used by ransomware gangs.
- Decoy Dog, a new unique malware toolkit.
- Report: the alleged Discord Papers leaker shared earlier and more widely than previously known.
- Cyberattack against Eurocontrol.
3CX is not the only victim in the recent supply chain attack.
The supply chain attack that affected 3CX didn’t end at the telecommunications company. The Trojanized X_Trader software that led to the 3CX attack was available for download in 2022, and it seems to have been downloaded by at least two critical infrastructure organizations. Symantec reported Friday that “The X_Trader software supply chain attack affected more organizations than 3CX. Initial investigation by Symantec’s Threat Hunter Team has, to date, found that among the victims are two critical infrastructure organizations in the energy sector, one in the U.S. and the other in Europe.” Symantec adds, “The process for payload installation is almost identical as that seen with the Trojanized 3CX app.” Given the nature of the initially infected software (X_Trader is a financial trading program), it seems that this could be a financially motivated attack. Symantec explained that there are probably more victims, as this breach is indicative of a complex and “successful template for software supply chain attack.” For information on this supply-chain attack, see CyberWire Pro.