Public Notices

3CX’s supply chain attack was caused by… another supply chain attack

The incident responders investigating how hackers carried out a complex supply-chain attack targeting enterprise phone provider 3CX say the company was compromised by another supply chain attack.

3CX, which develops a software-based phone system used by more than 600,000 organizations worldwide with more than 12 million active daily users, worked with cybersecurity company Mandiant to investigate the incident. In its report released on Thursday, Mandiant said that attackers compromised 3CX using a malware-laced version of the X_Trader financial software, developed by Trading Technologies.

X_Trader was a platform used by traders to view real-time and historical markets, which Trading Technologies phased out in 2020, but Mandiant says was still available to download from the company’s website in 2022.

Mandiant said it suspects the Trading Technologies website was compromised by a group of North Korea state-backed hackers, which it refers to as UNC4736.

This is backed up by a report from Google’s Threat Analysis Group from last year, which confirmed that Trading Technologies’ website was compromised in February 2022 as part of a North Korean operation targeting dozens of cryptocurrency and fintech users. U.S. cybersecurity agency CISA says the hacking group has used its custom “AppleJeus” malware to steal cryptocurrency from victims in over 30 countries.

Mandiant’s investigation found that a 3CX employee downloaded a tainted version of the X_Trader software in April 2022 from Trading Technologies’ website, which the hackers had digitally signed with the company’s then-valid code-signing certificate to make it look as if it was legitimate.

Once installed, the software planted a backdoor on the employee’s device, giving the attackers full access to the compromised system. This access was then used to move laterally through 3CX’s network and, eventually, to compromise 3CX’s flagship desktop phone app to plant information-stealing malware inside their customers’ corporate networks.

“This is notable to us because this is the first time we’ve ever found concrete evidence of a software supply chain attack leading to another supply chain attack,” said Mandiant’s chief technology officer Charles Carmakal. “This series of coupled supply-chain attacks just illustrates the increasing cyber offensive cyber capability by North Korean threat actors.”

Mandiant says it notified Trading Technologies about the compromise on April 11 but says it’s not known how many users are affected.

Trading Technologies spokesperson Ellen Resnick told TechCrunch that the company has not yet verified Mandiant’s findings, and reiterated that it stopped supporting the software in 2020.

Mandiant’s Carmakel added that it’s likely “many more victims” related to the two supply-chain attacks will become known in the coming weeks and months.

Public Notices

Japan just found 7,000 islands it didn’t know it had

Japan has recounted its islands – and discovered it has 7,000 more than it previously thought.

Digital mapping by the Geospatial Information Authority of Japan (GSI) recently found there to be 14,125 islands in Japanese territory, more than double the figure of 6,852 that has been in official use since a 1987 report by Japan’s Coast Guard.

However, the GSI this week stressed that the new figure reflected advances in surveying technology and the detail of the maps used for the count – it did not change the overall area of land in Japan’s possession.

It said that while there is no international agreement on how to count islands, it had used the same size criterion as the previous survey 35 years ago.

That entailed counting all naturally occurring land areas with a circumference of at least 100 meters (330 feet).

The new number does not include any artificially reclaimed land.

The islands surrounding Japan have been at the heart of several territorial disputes.

Japan lays claim to the Russian-held southern Kuril islands, which Tokyo calls the Northern Territories, a dispute that dates to the end of World War II, when Soviet troops seized them from Japan.

Japan also says it has a historical claim to the uninhabited Senkaku Islands in the East China Sea, which it currently administers, but China has repeatedly challenged that claim.

Meanwhile, Japan and South Korea remain locked in a more than 70-year dispute over the sovereignty of a group of islets known as Dokdo by Seoul and Takeshima by Tokyo in the Sea of Japan, which Korea calls the East Sea.

Public Notices

Yosemite National Park to partially reopen after 3-week closure

Yosemite National Park will begin to reopen Saturday with limited access and hours, the US National Park Service has announced. The park remains closed today.

The popular park, nestled in the Sierra Nevada mountains, was closed because of a series of damaging storms that have swept across the region in recent weeks.

Public Notices

Charles and Camilla

Britain’s King Charles III and his wife, Queen Camilla, have been married since 2005. They reportedly met at a polo match in 1970 and became friends when Charles was a prince.

When Charles joined the Royal Navy in 1971, Camilla married cavalry officer Andrew Parker Bowles.

Charles married Diana Spencer in 1981 but then admitted in 1994 that he had been having an extramarital affair with Camilla. Diana confirmed his infidelity and her own the following year.

Camilla got a divorce in 1995, and Charles and Diana divorced in 1996. Camilla all but vanished from public life at the time as public and media support swung behind Diana.

In 1999, Clarence House embarked on a program to reintroduce Camilla to the public with a carefully orchestrated first appearance with Charles outside the Ritz Hotel in London.

Six years later, their decades-long love story culminated in a wedding that had the consent of Charles’ mother, Queen Elizabeth II. Camilla was confirmed as Charles’ official consort and future queen.