Mandiant bolsters the case that North Korean hackers were behind 3CX supply chain hack
Voice-over IP software provider 3CX has confirmed that the recent supply chain attack was tied to North Korea-backed hackers.
3CX, which says its phone system is used by over 600,000 companies globally, hired Google-owned cybersecurity firm Mandiant to investigate last month’s massive supply chain attack on its Windows and macOS users. While that investigation remains ongoing, an interim assessment released today bolsters previous assessments that the hackers were North Korean.
“Based on the Mandiant investigation into the 3CX intrusion and supply chain attack thus far, they attribute the activity to a cluster named UNC4736. Mandiant assesses with high confidence that UNC4736 has a North Korean nexus,” Pierre Jourdan, CISO of 3CX, wrote in a blog post on Tuesday. Threat intelligence firms often use the term "nexus" to denote that a hacking group or campaign may originate in a particular country or be made up of native speakers, in cases where there isn't conclusive evidence of state direction.