At a glance.
- 3CX is not the only victim in the recent supply chain attack.
- PaperCut critical vulnerability under active exploitation.
- KillNet is making moves likely intended to gain publicity and profits.
- Report: the alleged Discord Papers leaker shared earlier and more widely than previously known.
- Infostealer traded in the C2C market.
- Russia-Ukraine disinformation update.
- Crime and punishment.
- Courts and torts.
- Policies, procurements, and agency equities.
- Labor markets.
- Mergers and acquisitions.
- Investments and exits.
3CX is not the only victim in the recent supply chain attack.
The supply chain attack that affected 3CX didn’t end at the telecommunications company. The Trojanized X_Trader software that led to the 3CX attack was available for download in 2022, and it seems to have been downloaded by at least two critical infrastructure organizations. Symantec reported that “The process for payload installation is almost identical as that seen with the Trojanized 3CX app.” Given the financial nature of the initially infected software, the attack could be financially motivated. Symantec explained that there are probably more victims, as this breach is indicative of a complex and “successful template for software supply chain attack.” For information on this supply-chain attack, see CyberWire Pro.