X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe
North Korean-linked operation affected more organizations beyond 3CX, including two critical infrastructure organizations in the energy sector.
The X_Trader software supply chain attack affected more organizations than 3CX. Initial investigation by Symantec’s Threat Hunter Team has, to date, found that among the victims are two critical infrastructure organizations in the energy sector, one in the U.S. and the other in Europe. In addition to this, two other organizations involved in financial trading were also breached.
As reported yesterday by Mandiant, Trojanized X_Trader software was the cause of the 3CX breach, which was uncovered last month. As a result of this breach, 3CX’s software was compromised, with many customers inadvertently downloading malicious versions of the company’s voice and video calling software DesktopApp. In addition to identifying a wider set of victims, Symantec has also discovered additional indicators of compromise, listed below.
It appears likely that the X_Trader …
IoC
https://www.tradingtechnologies.com/trading/order-management