www.itnews.com.au
203.176.102.69  Public Scan

URL: https://www.itnews.com.au/news/obsolete-financial-trading-software-led-to-3cx-vulnerability-593497
Submission: On April 24 via api from TR — Scanned from AU

Form analysis 1 forms found in the DOM

POST /news/obsolete-financial-trading-software-led-to-3cx-vulnerability-593497

<form id="frm-login" action="/news/obsolete-financial-trading-software-led-to-3cx-vulnerability-593497" method="post">
  <h3 class="section-header"><span>Log In</span></h3>
  <div id="login-form-register"><a href="/register">Don't have an account? Register now!</a></div>
  <div id="login-validation"></div>
  <div id="login-response"></div>
  <div class="form-label email-login">Email:</div>
  <div class="form-input"><input id="username" name="username" type="text" required=""></div>
  <div class="form-label password-login">Password:</div>
  <div class="form-input"><input id="password" name="password" type="password" required=""></div>
  <div class="row form-checkbox">
    <input id="rememberMe" name="rememberMe" type="checkbox"><label for="rememberMe">Remember me</label><span>&nbsp; | &nbsp;<a href="/forgot" title="Forgot your password?">Forgot your password?</a></span>
  </div>
</form>

Text Content


OBSOLETE FINANCIAL TRADING SOFTWARE LED TO 3CX VULNERABILITY

By Richard Chirgwin on Apr 24, 2023 6:37AM


VICTIMS ALSO FOUND IN ENERGY, FINANCIAL SECTORS.

A Mandiant investigation has found the breach of 3CX’s popular smartphone began
when the vendor's staff installed compromised software from Trading
Technologies.

The breach has also reached beyond 3CX, with Symantec claiming to have
identified victims in the energy and financial sectors.

Mandiant said it’s the first time it has seen a chain of supply chain attacks,
and pointed the finger at a “tampered installer for X_Trader, a software package
provided by Trading Technologies”.



According to Trading Technologies, X_Trader was meant to be discontinued in
2020, in a phase-out that commenced in 2018.

However, Mandiant said it was still available for download in 2022.



“This file was signed with the subject ‘Trading Technologies International, Inc’
and contained the executable file Setup.exe that was also signed with the same
digital certificate," Mandiant said.

"The code signing certificate used to digitally sign the malicious software was
set to expire in October 2022."

The installation of the compromised software led to “a complex loading process
and the deployment of VEILEDSIGNAL, a multi-stage modular backdoor, and its
modules”, Mandiant said.

VEILEDSIGNAL implanted its backdoor, and downloaded an encrypted command and
control (C2) module from GitHub.

The C2 installed itself on whichever of Chrome, Firefox or Edge it found first.
It also set Windows to listen for incoming communications which it passed to its
server.



Mandiant said that “the attacker was able to compromise both the Windows and
macOS build environments.”

It reiterated its earlier suspicion that North Korean actors dubbed UNC4376 were
behind the attack.

Symantec has since claimed the compromised version of X_Trader was installed by
other organisations.

The company’s threat hunter team doesn’t name the victims, but said the
compromised software had been found in critical infrastructure companies in
the energy sector, one in North America and one in Europe, as well as in two
financial trading organisations.

“It appears likely that the X_Trader supply chain attack is financially
motivated, since Trading Technologies, the developer of X_Trader, facilitates
futures trading, including energy futures," Symantec said.

Regarding the compromise of critical infrastructure targets, Symantec said that
“North Korean-sponsored actors are known to engage in both espionage and
financially motivated attacks and it cannot be ruled out that strategically
important organisations breached during a financial campaign are targeted for
further exploitation.”

Copyright © iTnews.com.au . All rights reserved.
Tags: 3cx, mandiant, security, trading technologies


