Targeting of 3CXDesktopApp customers and crypto firms
Date of report
  • March 2023
Suspected members of the North Korean Lazarus Group targeted customers of the voice and video conferencing software 3CXDesktopApp in a financially motivated supply-chain attack during March 2023. The infected infrastructure was spread primarily across European countries, with additional victims in South Africa, the United Kingdom, and North America. In addition to being targeted with an info-stealer, some victims—most of whom were cryptocurrency firms in Brazil, France, Germany, and Italy—were also infected with a second-stage payload.
Suspected victims
  • Software company 3CX and users of its equipment
Suspected state sponsor
  • Korea (Democratic People's Republic of)
Type of incident
  • Espionage
Target category
  • Private sector
Victim government reaction
  • Unknown
Policy response