3CX [003]
Posted on Wednesday, Sep 18, 2024
Show Notes
In this episode, Chet and Ben dive deep into the 3CX supply chain attack, tracing it back from the initial compromise to the unfolding investigations and findings over several months. We explore how the threat actors, likely linked to North Korea, managed to infiltrate a trusted software supply chain and what the security community uncovered along the way.
3CX Security Alert Mandiant Initial Results Mandiant Full Report Sophos Report on DLL Sideloading Kaspersky Labs Report Google TAG Report on Chrome 0-day Kim Zetter Blog Kim Zetter’s 3CX Article
Hosts
Chester Wisniewski (He/Him)
Chester Wisniewski is an old hat to information security having practiced the art professionally for more than 25 years. Starting out with a 300 baud modem in the 80s he became obsessed with exploring the world’s phone networks (phreaking?) which inevitably led to bulletin boards and early internet access in the mid-80s. The trust inherent in the system seemed absurd and this inspired Chester to pursue how we might build systems less prone to abuse. The rest is history.
Ben Verschaeren (He/Him)
Ben has been in Information Technology for two decades starting at the age of 14. Recently described by a senor executive as an “Adult Dennis the Menace”, Ben’s always up for a bit of cyber mayhem. Having worked across, Managed Services Providers, two of Australia’s largest Enterprises and an almost decade at a Security Vendor. Ben’s experience spans Wintel System Administration, Network Administration, Penetration Testing, and Software Development.