Capita’s Microsoft Office 365 Apps Disrupted in Cyberattack
- Written by Ari Denial Cybersecurity & Tech Writer
Capita, an IT services and consultancy firm, has acknowledged that it experienced a cyberattack last Friday. The incident disrupted access to internal Microsoft Office 365 apps, causing many clients across the UK, including government organizations, to experience disruption. However, in a statement sent to shareholders this morning, Capita confirmed that the hack did not compromise any data.
The company, which holds public sector contracts worth £6.5 billion in outsourced IT services and other areas and employs 50,000 people, experienced a cyberattack that disrupted services for several consumers. It claims that most of its services were still available. Capita operates in South Africa, India, the UK and Europe and is among the biggest providers to the UK government.
Capita experienced technical issues on Friday, causing personnel to lose access to their systems. Later in the day, Capita acknowledged the issue as a “technical problem” and assured clients that they were cooperating with technical partners to fix the issue. The company provides services to various clients, including the British military, NHS, local councils, and the BBC.
Capita’s involvement in critical areas like Royal Navy training facilities and security at Ministry of Defence bases resulted in other governmental agencies being informed of the incident, according to a source familiar with the situation.
As a result of the cyberattack, people working at affected sites were forced to resort to using radios, pens, and paper. Local councils, including Barnet, Barking and Dagenham, Lambeth, and South Oxfordshire, which rely on Capita services, have all reported issues. The Cabinet Office stated that it is in frequent contact with Capita as they investigate the matter.
Capita’s network issue, limited to certain areas, has been contained, according to the company’s statement. Although some customers’ services were disrupted, Capita has restored access to Microsoft Office 365 and is making progress in fixing other client services in a secure manner. Capita confirmed that no customer, supplier, or colleague data had been compromised. However, the incident has caused a 3% decrease in the company’s share price since last Friday.

Cryptocurrency Firms Hit by 3CX Attack Using Gopuram Malware
- Written by Ari Denial Cybersecurity & Tech Writer
North Korean threat actors, known as Lazarus Group, conducted a supply chain attack on 3CX, a VoIP communications company. The attackers targeted the company’s customers by distributing trojanized versions of its desktop applications for Windows and macOS, resulting in a large-scale compromise.
Researchers have found that the attack is spread via trojanized MSI installers for 3CXDesktopApp and that the installation package contains an infected DLL. The payload connects to a command-and-control (C2) server and downloads an infostealer, which then collects system information and browser history and sends it back to the C2 server.
The Gopuram malware has been found to be responsible for a number of infections that increased in March 2023, and it was discovered that the cause was directly related to the 3CX supply chain attack. Cryptocurrency companies were specifically targeted, and the malware dropped two files on infected machines: a malicious library called wlbsctrl.dll and an encrypted shellcode payload located in C:\Windows\System32\config\TxR.TxR.0.regtrans-ms.
Kaspersky researchers revealed that the Gopuram malware was used by the attackers with surgical precision, targeting fewer than ten infected machines. This suggests that the attackers had a financial motive and were specifically interested in cryptocurrency companies.
The infected 3CX software installations were found worldwide, with the highest figures in Germany, France, Italy and Brazil. The researchers noted that the attackers had a particular interest in cryptocurrency companies.
After several customers reported that 3CXDesktopApp was being flagged as malicious by security software, 3CX confirmed that its Electron-based desktop client was compromised with malware.
Following the supply chain attack against 3CX, the company has advised its customers to uninstall the Electron desktop app from their Windows and macOS systems and switch to the progressive web application Web Client App.
High-profile companies and organizations such as Mercedes-Benz, Honda, Air France, the UK’s National Health Service, Coca-Cola, American Express, McDonald’s, IKEA, BMW and Toyota are among the customers of 3CX.