Introduction

This lab explores a real-world cyberattack that leveraged a trusted software application to infiltrate organizations, highlighting the dangers of supply chain compromises. Supply chain attacks exploit vulnerabilities in third-party software or services to bypass traditional security defenses, making them particularly difficult to detect and mitigate. In this scenario, the attackers embedded malicious code within the 3CX Desktop App, a widely used VoIP application, turning it into a delivery mechanism for malware.

As the threat intelligence analyst tasked with investigating this incident, your role is to uncover how the attackers infiltrated the system, identify the malicious components involved, and assess the tactics, techniques, and procedures (TTPs) they used. This process involves analyzing artifacts, extracting indicators of compromise (IOCs), and mapping findings to frameworks such as MITRE ATT&CK to better understand the threat landscape.
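The IOC-extraction step described above is usually the first thing an analyst automates: raw notes and tool output are scanned for hashes, hosts and URLs, defanged values are normalized, known-benign infrastructure is filtered out, and the result is written back in defanged form for reporting. The script below is an added example for this lab, not code from the lab or from the original page, and it contains no real 3CX indicators: the hash is synthesized from a fixed string, the hosts use the reserved `example.invalid` and `203.0.113.0/24` / `198.51.100.0/24` documentation ranges, and the analyst notes are constructed for the example.

```python
import hashlib
import re
from urllib.parse import urlparse

# Constructed sample hash (SHA-256 of a fixed string), so no real indicator
# from the 3CX incident appears in this example.
SAMPLE_HASH = hashlib.sha256(b"constructed-sample-artifact").hexdigest()

# Constructed analyst notes; hosts use reserved example/documentation ranges.
SAMPLE_NOTES = f"""
Installer dropped ffmpeg.dll (sha256: {SAMPLE_HASH}) next to the app.
Beacon observed to hxxps://update[.]example[.]invalid/icon.ico
Second-stage host resolved to 203[.]0[.]113[.]42 and 198.51.100.7.
Same hash seen again: {SAMPLE_HASH}
Legit CDN fallback: cdn.example.invalid (benign, allowlisted)
"""

# Hosts already verified as benign that must not end up in the IOC set.
ALLOWLIST = frozenset({"cdn.example.invalid"})

# Tokens that look like domains but are file names (ffmpeg.dll, icon.ico).
FILE_EXTENSIONS = frozenset({"dll", "exe", "ico", "msi", "dat", "zip"})

HASH_RE = re.compile(r"\b[a-f0-9]{64}\b", re.IGNORECASE)
URL_RE = re.compile(r"""https?://[^\s"'<>()]+""", re.IGNORECASE)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def refang(text: str) -> str:
    """Undo common defanging (hxxp, [.], (.), [:]) so the regexes see real separators."""
    text = re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def defang(value: str) -> str:
    """Make an indicator safe to paste into a report (no clickable links)."""
    return value.replace("http", "hxxp").replace(".", "[.]")


def _valid_ipv4(ip: str) -> bool:
    """Reject dotted quads with out-of-range octets (e.g. 999.1.1.1)."""
    return all(0 <= int(octet) <= 255 for octet in ip.split("."))


def extract_iocs(notes: str, allowlist=frozenset()) -> dict:
    """Return deduplicated, sorted IOCs by type: sha256, url, domain, ipv4."""
    text = refang(notes)
    urls = {u.rstrip(".,") for u in URL_RE.findall(text)}
    hashes = {h.lower() for h in HASH_RE.findall(text)}
    ips = {ip for ip in IPV4_RE.findall(text) if _valid_ipv4(ip)}

    domains = set()
    for candidate in DOMAIN_RE.findall(text):
        candidate = candidate.lower()
        # Drop file names whose "TLD" is really an extension.
        if candidate.rsplit(".", 1)[-1] not in FILE_EXTENSIONS:
            domains.add(candidate)
    # Hostnames embedded in URLs are indicators in their own right.
    for url in urls:
        host = urlparse(url).hostname
        if host and not IPV4_RE.fullmatch(host):
            domains.add(host.lower())
    domains -= set(allowlist)

    return {
        "sha256": sorted(hashes),
        "url": sorted(urls),
        "domain": sorted(domains),
        "ipv4": sorted(ips),
    }


if __name__ == "__main__":
    # Report each indicator in defanged form, grouped by type.
    for kind, values in extract_iocs(SAMPLE_NOTES, ALLOWLIST).items():
        for value in values:
            print(f"{kind}\t{defang(value)}")
```

The allowlist and extension filter are where most of the analyst judgement lives: without them, every `.dll` in a file listing and every CDN hostname in a log becomes a false-positive "indicator" that then pollutes detection rules downstream.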

Throughout this lab, you will examine the compromised software to identify malicious payloads, analyze their behavior, and determine the methods used to evade detection. You will also investigate the encryption techniques employed and assess the threat actor responsible for orchestrating the attack. By completing this walkthrough, you will gain valuable insights into supply chain attack methodologies and develop the skills needed to detect, analyze, and respond to such incidents effectively.
