The adversary behind thesupply chain attack targeting 3CXdeployed a second-stage implant specifically singling out a small number of cryptocurrency companies. Russian cybersecurity firm Kaspersky, which has beeninternally trackingthe versatile backdoor under the nameGopuramsince 2020, said it observed an increase in the number of infections in March 2023 coinciding with the 3CX breach.