Symantec found that the North Korean-linked X_TRADER supply-chain attack affected organizations beyond 3CX, including two energy-sector critical infrastructure victims in the United States and Europe and two financial-trading organizations. The campaign began with a trojanized X_TRADER installer that dropped side-loaded DLLs under C:\Programdata\TPM and installed VEILEDSIGNAL, a modular backdoor with process-injection and command-and-control components. Symantec noted that the activity appeared financially motivated because X_TRADER served futures trading users, but the compromise of strategic energy organizations raised concern that North Korean operators could later exploit access for espionage or further operations.