31 March 2023


3CX supply chain attack after installer compromised with malware | Cyber Intelligence Briefing: 31 March



Top news stories this week

  1. Phone-y business. 3CX supply chain attack after installer compromised with malware.
  2. Artificially secure. Microsoft announces AI-powered cyber security assistant days after ChatGPT data breach.
  3. The grey zone. Leaked documents offer rare glimpse into Russian cyber warfare.
  4. Fine print. Law firm fined for poor cyber security that led to a ransomware attack.
  5. Operation Power Off. NCA sets up fake DDoS-for-hire sites to catch criminals.
  6. Stepping up. Cyber security education becomes mandatory in North Dakota schools.
  7. Patch perfect. Patches released for Apple iOS and Veeam VBR.

Due to the Easter break, there will be no Cyber Intelligence Briefing next Friday. We will return with our regular update on 14 April 2023.


1. 3CX desktop app compromised in major supply chain attack

Threat actors have compromised an installer for the 3CX VoIP (Voice over Internet Protocol) desktop client and have been using it to push malware to the communication company’s customers. Security researchers have linked the attack to the North Korean state-backed hacking operation Lazarus Group.

So what?

If you have recently installed one of the impacted 3CX desktop applications, immediate containment actions are advised.



2. Microsoft announces AI-powered Security Copilot on heels of ChatGPT data breach

Microsoft has announced Security Copilot, a new AI-powered assistant based on OpenAI’s newest generative AI model GPT-4. Microsoft claims it will help cyber security professionals better identify and respond to breaches.

The news coincides with OpenAI’s confirmation that ChatGPT suffered a data breach that exposed user chat history and payment-related information, and with Italy’s announcement that it has banned ChatGPT over privacy concerns.

So what?

As AI becomes increasingly integrated into daily life, it is important to exercise caution when disclosing sensitive information and be aware of the risks.



3. Whistleblower sheds light on Russian cyber warfare

A series of leaked documents has been published detailing secret links between a private cyber security consultancy and Russian military and intelligence agencies. The leak offers a rare insight into Russia’s weaponisation of the digital sphere and how it leverages cyber capabilities in pursuit of its geopolitical aims.

So what?

As the Russia-Ukraine conflict continues, it is important to be aware of how spillover might impact your organisation’s risk profile.



4. Law firm fined after poor data security led to ransomware attack

New York’s attorney general has fined law firm Heidell, Pittoni, Murphy & Bach (HPMB) USD 200,000 for its ‘poor data security’. The firm suffered a ransomware attack in 2021 that resulted in the leak of sensitive data relating to 114,000 of its hospital clients. The attacker exploited a known vulnerability in the email server, which HPMB had failed to patch.

So what?

Failing to have a functioning patch management programme increases the risk that vulnerable systems are exploited and, as in the case of HPMB, that ransomware is deployed.






5. NCA sets up fake DDoS-for-hire sites to catch cyber criminals

The UK’s National Crime Agency (NCA) announced that they used fake DDoS-for-hire websites to catch would-be cyber criminals as part of Operation Power Off. Upon engaging with the fake websites, a warning page informs the user of data collection and notifies them of future contact from law enforcement.

So what?

Distributed Denial of Service (DDoS) attacks can cause major disruption by making online resources inaccessible. Ensure your organisation has suitable protection in place, particularly if you have low tolerance for service downtime.



6. Cyber security education bill passed in North Dakota

North Dakota became the first US state to mandate cyber security education after the state governor signed a bill requiring the teaching of cyber security and computer science for all children aged 5 to 18. The curriculum is expected to be finalised in 2024.

So what?

Attackers regularly exploit human negligence to gain initial access to systems, making cyber security awareness important for all ages. Providing cyber security training can improve employee preparedness and reduce the risk of human error.



7. Patches released for Apple iOS and Veeam VBR

Apple has recently released the iOS 16.4 update, which addressed 33 security vulnerabilities. The update includes a fix for a critical kernel vulnerability that could allow threat actors to execute arbitrary code, as well as a sandbox vulnerability that could enable an app to bypass privacy settings.

Separately, Veeam released a patch for its Backup and Replication (VBR) software in response to a publicly disclosed exploit that could allow threat actors to interact with backup infrastructure and remotely execute code.

So what?

A timely patch management process significantly reduces the risk of threat actors exploiting known vulnerabilities. If your organisation makes use of Apple iOS or Veeam VBR software, install the latest update and patches immediately.



Cyber Intelligence Briefing

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.


Miles Arkwright
Associate, Cyber Security
James Tytler
Associate, Cyber Security

James Tytler is a cyber security associate in S-RM’s incident response team. In addition to responding to a wide range of cyber security incidents, he also supports clients with cyber threat intelligence services.

Before joining S-RM’s cyber security team, James worked at a London-based corporate intelligence firm, where he specialised in Middle Eastern subjects.

James has a BA in Arabic and Persian from the University of Cambridge, and an MA in International Security from Sciences Po Paris. He speaks fluent French.
