Forensic Analysis Confirms Involvement of North Korean Attackers in 3CX Supply Chain Attack

15 April 2023
3CX confirmed that the software supply chain attack was the work of a North Korean hacker group tracked as UNC4736. The group used the Taxhaul and Simplesea malware to infect Windows and macOS systems, respectively. On Windows machines, attackers deployed Taxhaul (also known as TxRLoader), which in turn was used to load a second-stage payload called Coldcat.