New findings on Lazarus, the North Korean hacking group behind 3CX software breach

The cyber-security firm Symantec has found that the North Korean hacking group Lazarus has breached two critical infrastructure organizations in the power and energy sector and two businesses involved in financial trading. These new findings come on the heels of earlier suspicions that the group had compromised the X_TRADER application, which was used by these organizations. According to Symantec director of security response Eric Chien, the attacks took place between September 2022 and November 2022. The full extent of the damage is not yet known, but Chien has said that it is possible that there are more victims than have been discovered so far.

This news comes after the revelation that the 3CX desktop application software was compromised last month by another software supply chain breach targeting X_TRADER. This initial breach was thought to have been carried out by the North Korean group UNC4736. It is not yet clear how UNC4736 was able to tamper with X_TRADER, but the implications of this attack are serious. This is especially true given that X_TRADER is a piece of trading software that is no longer supported by its developers. Even though the software was discontinued in April 2020, it was still available for download on the company's website as recently as last year.

These findings highlight the importance of cyber-security, both for businesses and for individuals. This is a reminder that even software that is no longer supported can be a target for hackers, and that we all need to be vigilant about the potential risks posed by cyber-attacks.

