Software supply-chain attacks, in which hackers corrupt widely used applications to push their own code to thousands or even millions of machines, have become a scourge, both insidious and potentially huge in the breadth of their impact. But the latest major software supply-chain attack, in which hackers who appear to be working on behalf of the North Korean government hid their code in the installer for a common VoIP application known as 3CX, seems so far to have had a prosaic goal: breaking into a handful of cryptocurrency companies.
English