3CX makes progress in recovering Windows applications
CrowdStrike researchers uncovered malicious activity related to 3CX late last month, including flagging infrastructure controlled by an outside cybercriminal. Investigators also reported a second phase of payload distribution and hands-on-keyboard activity.
CrowdStrike attributed the supply chain attacks to government-affiliated actors associated with Labyrinth Chollima, a sophisticated, persistent threat group with ties to the DPRK.
Other researchers have linked the attacks to related actors, but federal officials have made no public attribution.
According to 3CX, the company has more than 600,000 business customers worldwide and more than 12 million daily active users.