Supply-chain campaign
3CX DesktopApp supply chain (Lazarus)
criticalMar 22, 2023 → Apr 20, 2023
What happened
Compromise of the 3CX Electron-based desktop client distributed to millions of users. North Korea's Lazarus Group is the attributed actor; the campaign chained through an earlier compromise of a Trading Technologies installer (X_TRADER), demonstrating a cascading-supply-chain pattern.