X_TRADER
Trading Technologies X_TRADER software delivered backdoor.
A compromised installer for the retired X_TRADER financial software, available on Trading Technologies' official website and signed with their certificate, contained the VEILEDSIGNAL backdoor. It infected a 3CX employee, initiating a cascading supply chain attack, and reportedly impacted other energy and financial sector organizations.
- Date: 2021-11-01 to 2022-07-26
- Category: Commercial
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Backdoor
- Cause: Website compromise
What Was Affected
Package: X_TRADER
Component: Application
Artifact type: binary archive
Domain type: project download host
Domain: tradingtechnologies.com
Compromised Versions
- Specific X_TRADER installer versions available Nov 2021 - July 2022 (e.g., X_TRADER_r7.17.90p608.exe)
Incident Context
- Motive: Financial gain
- Attribution: Nation-state
- Transitive: No
- User Impact: 97
- Observed Duration: 267 days
Evidence
Compromised Artifacts
- tradingtechnologies.com/x-trader/downloads/X_TRADER_r7.17.90p608.exe
- tradingtechnologies.com/legacy-downloads/X_TRADER%20Pro%207.17.10.exe
- downloads.tradingtechnologies.com/trading-software/x-trader/legacy/setup.exe
Current Artifacts and Analysis
Indicators and Changes
Hashes
- md5:ef4ab22e565684424b4142b1294f1f4d
- sha256:88968c9f1de3c41c54a025a0f51a818c1a0b0c98e7affe0ea0aa0ad6e441fc46
- sha256:8c9395a019def2cc80a0320a1285ccc4cb1cd73ecb89886a1c03da5aaf5db0a3
External References
- cloud.google.com/blog/topics/threat-intelligence/3cx-software-supply-chain-compromise
- securityweek.com/cascading-supply-chain-attack-3cx-hacked-after-employee-downloaded-trojanized-app
- cybersecuritydive.com/news/3cx-x-trader-symantec-supply-chain/648414
- zetter-zeroday.com/software-maker-3cx-was-compromised
Source Data
Source record: proprietary/x_trader/meta.yaml