Response to Lazarus' 3CX Supply Chain Compromise
2023-04-14 • AttackIQ
https://www.attackiq.com/2023/04/14/response-to-lazarus-3cx-supply-chain-compromise/
The compromised binary in this case is a software-based Private Automatic Branch Exchange (PABX) Voice over Internet Protocol (VoIP) phone system developed by the company 3CX. It was compromised through a supply chain attack suspected to involve the North Korea-based adversary known as Lazarus Group. Lazarus Group, also known as Hidden Cobra, is a state-sponsored adversary attributed to the Reconnaissance General Bureau (RGB) of the Democratic People's Republic of Korea (DPRK), whose activities AttackIQ previously emulated in early 2023. Gopuram has also been observed coexisting on victims' systems with AppleJeus, a backdoor attributed to the Lazarus Group. This unique identifier is used to register the victim in the adversary's infrastructure via an HTTP POST request.