www.itnews.com.au
203.176.102.69
Public Scan
URL: https://www.itnews.com.au/news/obsolete-financial-trading-software-led-to-3cx-vulnerability-593497
Submission: On April 24 via api from TR — Scanned from AU
Form analysis
1 forms found in the DOM
POST /news/obsolete-financial-trading-software-led-to-3cx-vulnerability-593497
<form id="frm-login" action="/news/obsolete-financial-trading-software-led-to-3cx-vulnerability-593497" method="post">
<h3 class="section-header"><span>Log In</span></h3>
<div id="login-form-register"><a href="/register">Don't have an account? Register now!</a></div>
<div id="login-validation"></div>
<div id="login-response"></div>
<div class="form-label email-login">Email:</div>
<div class="form-input"><input id="username" name="username" type="text" required=""></div>
<div class="form-label password-login">Password:</div>
<div class="form-input"><input id="password" name="password" type="password" required=""></div>
<div class="row form-checkbox">
<input id="rememberMe" name="rememberMe" type="checkbox"><label for="rememberMe">Remember me</label><span> | <a href="/forgot" title="Forgot your password?">Forgot your password?</a></span>
</div>
</form>
Text Content
Obsolete financial trading software led to 3CX vulnerability

By Richard Chirgwin on Apr 24, 2023 6:37AM

Victims also found in energy, financial sectors.

A Mandiant investigation has found the breach of 3CX’s popular smartphone began when the vendor's staff installed compromised software from Trading Technologies.

The breach has also reached beyond 3CX, with Symantec claiming to have identified victims in the energy and financial sectors.

Mandiant said it’s the first time it has seen a chain of supply chain attacks, and pointed the finger at a “tampered installer for X_Trader, a software package provided by Trading Technologies”.

According to Trading Technologies, X_Trader was meant to be discontinued in 2020, in a phase-out that commenced in 2018. However, Mandiant said it was still available for download in 2022.
“This file was signed with the subject ‘Trading Technologies International, Inc’ and contained the executable file Setup.exe that was also signed with the same digital certificate," Mandiant said. "The code signing certificate used to digitally sign the malicious software was set to expire in October 2022."

The installation of the compromised software led to “a complex loading process and the deployment of VEILEDSIGNAL, a multi-stage modular backdoor, and its modules”, Mandiant said.

VEILEDSIGNAL implanted its backdoor, and downloaded an encrypted command and control (C2) module from GitHub. The C2 installed itself on whichever of Chrome, Firefox or Edge it found first. It also set Windows to listen for incoming communications which it passed to its server.

Mandiant said that “the attacker was able to compromise both the Windows and macOS build environments.” It reiterated its earlier suspicion that North Korean actors dubbed UNC4376 were behind the attack.

Symantec has since claimed the compromised version of X_Trader was installed by other organisations. The company’s threat hunter team doesn’t name the victims, but said the compromised software had been found in critical infrastructure companies in the energy sector, one in North America and one in Europe, as well as in two financial trading organisations.

“It appears likely that the X_Trader supply chain attack is financially motivated, since Trading Technologies, the developer of X_Trader, facilitates futures trading, including energy futures," Symantec said.

Regarding the compromise of critical infrastructure targets, Symantec said that “North Korean-sponsored actors are known to engage in both espionage and financially motivated attacks and it cannot be ruled out that strategically important organisations breached during a financial campaign are targeted for further exploitation.”

Copyright © iTnews.com.au. All rights reserved.
Tags: 3cx, mandiant, security, trading technologies