Suspected members of the North Korean Lazarus Group targeted customers of the voice and video conferencing software 3CXDesktopApp in a financially motivated supply-chain attack during March 2023. The infected infrastructure was spread primarily across European countries, with additional victims in South Africa, the United Kingdom, and North America. In addition to being targeted with an info-stealer, some victims—most of whom were cryptocurrency firms in Brazil, France, Germany, and Italy—were also infected with a second-stage payload.
- Software company 3CX and users of its equipment
Suspected state sponsor
- Korea (Democratic People's Republic of)
Type of incident
- Private sector