Tag

3cx

All articles tagged with #3cx

cybersecurity · 2 years ago

"Double Supply Chain Attack Behind 3CX Hack"

The supply chain attack on 3CX grew out of an earlier supply chain compromise at Trading Technologies: North Korean operators trojanized an installer distributed from that company's site, and the trojanized build reached a 3CX employee's machine, giving the attackers their initial foothold. From there they used harvested credentials to move laterally through 3CX's network and ultimately compromised both the Windows and macOS build environments. On Windows the implanted malware persisted through DLL side-loading via legitimate Microsoft binaries, which made it harder to detect. The responsible group, tracked as UNC4736, overlaps with the financially motivated North Korean activity behind Operation AppleJeus, attributed to the Lazarus Group.

cyber-threat-supply-chain-attack · 2 years ago

"Massive Supply Chain Attack Targets 3CX Users with Trojanized Apps"

Enterprise communications software maker 3CX has confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack. On Windows the attack uses DLL side-loading: the legitimate 3CX application loads a rogue library named "ffmpeg.dll", which reads encrypted shellcode out of a second, tampered DLL, "d3dcompiler_47.dll", decrypts it and runs it in memory. Cybersecurity firm CrowdStrike has attributed the attack with high confidence to Labyrinth Chollima, a North Korea-aligned state-sponsored actor.
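The pairing above (a signed vendor DLL that still carries extra bytes for a side-loaded loader to consume) is worth being able to test for generically. The Python below is an added example, my own code rather than anything from 3CX or from the vendors cited on this page: it parses a PE file's section table and Authenticode certificate directory and reports bytes that live outside the PKCS#7 signature blob, namely slack inside the declared certificate table and data appended after it. The minimal PE32+ DLL it builds, the FAKE_PKCS7 blob and the HIDDEN_PAYLOAD bytes are all constructed here so the check runs offline and are not taken from any real sample. It is a heuristic (a few bytes of 8-byte alignment padding inside the table is normal); whether a specific d3dcompiler_47.dll is the clean one is settled against vendor-published hashes, not this script.

```python
"""Report bytes in a PE file that sit outside its Authenticode signature blob.

Added example: my own code, not from 3CX or from any vendor cited on this
page.  build_sample_dll() constructs a tiny PE32+ DLL so the check runs
offline; FAKE_PKCS7 stands in for a real PKCS#7 SignedData blob and
HIDDEN_PAYLOAD for attacker-appended data.  Both are placeholders.
"""
import struct
from typing import Dict

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SECURITY_DIR_INDEX = 4          # IMAGE_DIRECTORY_ENTRY_SECURITY
WIN_CERT_HEADER_LEN = 8         # dwLength, wRevision, wCertificateType
ALIGN_SLACK = 8                 # certificate entries are padded to 8 bytes


def der_total_length(blob: bytes) -> int:
    """Size of the first DER element (tag + length field + content) in blob.

    A PKCS#7 SignedData blob is one outer SEQUENCE, so this is how many
    bytes the signature really occupies inside the certificate table.
    """
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("certificate table does not start with a DER SEQUENCE")
    first = blob[1]
    if first < 0x80:                      # short form: length in one byte
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(blob) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")


def analyze_pe_trailing_data(pe: bytes) -> Dict[str, int]:
    """Walk the PE headers and measure data outside sections and signature."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic")
    # Data directories start at +96 (PE32) or +112 (PE32+) of the optional header.
    dirs = opt + (96 if magic == PE32_MAGIC else 112)
    cert_off, cert_size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR_INDEX)

    # Section headers follow the optional header, 40 bytes each, with
    # SizeOfRawData at +16 and PointerToRawData at +20.
    sections = opt + opt_size
    last_section_end = 0
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", pe, sections + 40 * i + 16)
        last_section_end = max(last_section_end, raw_ptr + raw_size)

    slack = 0
    if cert_size:
        # The security directory's VirtualAddress is a file offset, not an RVA.
        blob = pe[cert_off + WIN_CERT_HEADER_LEN: cert_off + cert_size]
        slack = len(blob) - der_total_length(blob)       # declared size beyond the DER
        after = len(pe) - (cert_off + cert_size)
    else:
        after = len(pe) - last_section_end               # unsigned: plain overlay
    return {"last_section_end": last_section_end, "cert_table_offset": cert_off,
            "cert_table_size": cert_size, "cert_slack_bytes": slack,
            "bytes_after_cert_table": after}


def looks_tampered(report: Dict[str, int]) -> bool:
    """Heuristic: payload-sized slack inside, or any data after, the signature."""
    return report["cert_slack_bytes"] > ALIGN_SLACK or report["bytes_after_cert_table"] > 0


def build_sample_dll(cert_der: bytes, hidden: bytes) -> bytes:
    """Construct a minimal PE32+ DLL with one section and a certificate table.

    `hidden` goes inside the declared certificate table after the DER blob,
    which leaves the file structurally well-formed.
    """
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    sect_ptr = sect_size = 0x200
    body = cert_der + hidden
    pad = (-len(body)) % 8
    cert_entry = (struct.pack("<IHH", WIN_CERT_HEADER_LEN + len(body) + pad, 0x0200, 0x0002)
                  + body + b"\0" * pad)
    dirs = [(0, 0)] * 16
    dirs[SECURITY_DIR_INDEX] = (sect_ptr + sect_size, len(cert_entry))
    opt = (struct.pack("<H", PE32PLUS_MAGIC) + b"\0" * 110
           + b"".join(struct.pack("<II", *d) for d in dirs))   # 240 bytes
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, len(opt), 0x2022)
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000,
                          sect_size, sect_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + section
    headers += b"\0" * (sect_ptr - len(headers))
    return headers + b"\xc3" * sect_size + cert_entry


# Constructed placeholders: a DER SEQUENCE with a long-form length (256 bytes of
# content, 260 bytes total) and 180 bytes of make-believe payload.
FAKE_PKCS7 = b"\x30\x82\x01\x00" + bytes(256)
HIDDEN_PAYLOAD = b"SHELLCODE" * 20

if __name__ == "__main__":
    for label, hidden in (("clean", b""), ("tampered", HIDDEN_PAYLOAD)):
        report = analyze_pe_trailing_data(build_sample_dll(FAKE_PKCS7, hidden))
        print(label, report, "TAMPERED" if looks_tampered(report) else "ok")
```

Run it against a real file by reading the DLL into `pe` and calling `analyze_pe_trailing_data`; the clean sample reports 4 bytes of slack (alignment padding only), the tampered one reports the full 180 hidden bytes. The script deliberately does not verify the signature itself, since a tampered table can still pass a naive signature check; its job is to surface bytes the signature was never meant to cover.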

cybersecurity · 2 years ago

3CX Desktop App Compromised in Supply Chain Attack.

VoIP/PBX software provider 3CX knew for about a week that its desktop app was being flagged as malware by SentinelOne, yet took no action. In the company's support forum, users concluded the detection was a false positive caused by a glitch in the SentinelOne product. It took roughly another 24 hours before it became clear that SentinelOne was right and that 3CX was on the receiving end of a massive supply chain attack. The disregarded detection should serve as a cautionary tale to both support teams and end users: an unexplained alert on a signed, official binary is a reason to investigate, not a reason to whitelist.

cybersecurity · 2 years ago

3CX users face supply chain attack risk due to app vulnerability.

Internet telephony company 3CX has warned its customers of malware that was slipped into the company's own 3CX Desktop App by attackers who appear to have gained access to one or more of 3CX's source code repositories or build systems. The malware-laced versions were built and distributed by 3CX itself, so they carry the digital signatures you would expect from the company and came from 3CX's official download servers; a valid signature is therefore no evidence that a given build is clean. 3CX has advised users to uninstall the Desktop App and switch to the company's web-based telephony client for now.

cybersecurity · 2 years ago

Massive supply chain attack targets 3CX users with Trojanized apps.

North Korean hackers have carried out a massive supply chain attack on Windows and macOS users of 3CX, a widely used voice and video calling desktop client, by compromising the build system used to create and distribute both versions of the app. Because the build pipeline itself was compromised, the malware was embedded in 3CX apps that were then digitally signed with the company's official signing key. The attack is reminiscent of the SolarWinds supply chain attack detected in December 2020. Any organization that uses 3CX should immediately examine its endpoints and network for signs of compromise, starting with the affected desktop app versions and outbound connections from them.

cybersecurity · 2 years ago

Massive supply chain attack targets 3CX phone system users.

Security researchers have discovered a supply chain attack targeting downstream customers of 3CX's voice and video calling client, which the company says is used by over 600,000 organizations worldwide. The trojanized version of the software steals data and stored credentials from Google Chrome, Microsoft Edge, Brave, and Firefox user profiles. The attack appears to be a targeted, likely state-sponsored operation, and the North Korean threat actor Labyrinth Chollima is suspected to be behind it. 3CX is urging its customers to uninstall the app and reinstall it, or to use its PWA client as a workaround.

cybersecurity · 2 years ago

Hackers Target 3CX Desktop App in Supply Chain Attack

Threat actors have been distributing a compromised version of the 3CX VoIP desktop client to attack 3CX's customers. The malware collects system information and steals browsing data and stored login credentials from Chrome, Edge, Brave, and Firefox user profiles. 3CX recommends uninstalling the desktop app and using the Progressive Web App (PWA) client instead. Organizations that may be affected should stop using the compromised versions, move to 3CX's fixed release or the PWA workaround as they become available, and review their systems for indicators of compromise.

cybersecurity · 2 years ago

Millions at Risk: 3CX Desktop App Compromised in Supply Chain Attack

Cybersecurity vendors have warned of an active supply chain attack that uses digitally signed but tampered installers of the popular voice and video conferencing software, 3CX Desktop App, to target downstream customers. The attack, dubbed SmoothOperator, starts with the trojanized app and proceeds through a multi-stage chain: a second stage retrieves ICO files from a GitHub repository that carry Base64-encoded data appended after the icon image, decodes that data to locate the next stage, and ultimately loads a third-stage infostealer DLL. The activity may have begun around March 22, 2023. 3CX is working on a software update for its desktop app and is urging customers to uninstall the app and reinstall it, or to use the PWA client as a workaround. The attack has been attributed with high confidence to a North Korean nation-state actor, Labyrinth Chollima.
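The icon trick works because an image viewer stops reading an ICO file at the end of the last image, so anything appended after that point is invisible to normal consumers of the file. As an added example (my own code, not from 3CX, SentinelOne or any other vendor quoted here), the Python below parses the ICO directory, computes where the image data ends, returns whatever follows and attempts to Base64-decode it. The 1x1 icon, the SAMPLE_URL and the appended bytes are constructed in the script so it runs offline; the real icons carried different data, and the page does not describe how the decoded bytes were further processed, so no decryption step is attempted.

```python
"""Pull data appended after the image payload of an ICO file and Base64-decode it.

Added example: my own code, not from 3CX or from any vendor cited on this
page.  build_sample_ico() constructs a throwaway 1x1 icon so the check runs
offline; SAMPLE_URL is a placeholder, not anything recovered from a real file.
"""
import base64
import binascii
import struct
from typing import Optional

ICONDIR_FMT = "<HHH"             # idReserved, idType (1 = icon), idCount
ICONDIRENTRY_FMT = "<BBBBHHII"   # width, height, colours, reserved, planes, bpp, bytes, offset


def ico_payload_end(data: bytes) -> int:
    """File offset where the last image ends; an icon viewer never reads past it."""
    reserved, kind, count = struct.unpack_from(ICONDIR_FMT, data, 0)
    if reserved != 0 or kind != 1 or count == 0:
        raise ValueError("not an ICO file")
    end = 6 + 16 * count                      # end of the directory itself
    for i in range(count):
        *_, size, offset = struct.unpack_from(ICONDIRENTRY_FMT, data, 6 + 16 * i)
        if offset + size > len(data):
            raise ValueError(f"image {i} runs past end of file")
        end = max(end, offset + size)
    return end


def extract_trailing(data: bytes) -> bytes:
    """Raw bytes that follow the last image (b'' for a clean icon)."""
    return data[ico_payload_end(data):]


def decode_trailing_base64(data: bytes) -> Optional[bytes]:
    """Base64-decode the trailing bytes, or None if there is no valid Base64 there."""
    tail = extract_trailing(data).strip()
    if not tail:
        return None
    try:
        return base64.b64decode(tail, validate=True)
    except binascii.Error:                    # trailing bytes exist but are not Base64
        return None


def build_sample_ico(appended: bytes) -> bytes:
    """Construct a structurally valid 1x1 32-bpp ICO and append `appended` after it.

    The image is a 40-byte BITMAPINFOHEADER (height doubled, as ICO requires),
    one BGRA pixel and a 4-byte AND mask; it is meant to parse, not to look good.
    """
    pixel, and_mask = b"\x00\x00\x00\xff", b"\x00\x00\x00\x00"
    bih = struct.pack("<IiiHHIIiiII", 40, 1, 2, 1, 32, 0,
                      len(pixel) + len(and_mask), 0, 0, 0, 0)
    image = bih + pixel + and_mask
    header = struct.pack(ICONDIR_FMT, 0, 1, 1)
    entry = struct.pack(ICONDIRENTRY_FMT, 1, 1, 0, 0, 1, 32, len(image), 6 + 16)
    return header + entry + image + appended


# Constructed placeholder for the next-stage locator hidden in the icon.
SAMPLE_URL = b"https://next-stage.example.invalid/payload"
SAMPLE_APPENDED = base64.b64encode(SAMPLE_URL)

if __name__ == "__main__":
    ico = build_sample_ico(SAMPLE_APPENDED)
    print("trailing bytes:", extract_trailing(ico))
    print("decoded       :", decode_trailing_base64(ico))
    print("clean icon    :", decode_trailing_base64(build_sample_ico(b"")))
```

For hunting, point `extract_trailing` at every .ico under a suspect directory or repository checkout: a clean icon returns no trailing bytes, while any non-empty tail, Base64 or not, is worth a look regardless of whether `decode_trailing_base64` can make sense of it.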

cybersecurity · 2 years ago

Global Supply Chain Cyberattack Targets 3CX VoIP App

Hackers are using a trojanized version of the 3CX Voice over Internet Protocol (VoIP) desktop client to attack the company's customers in a supply chain attack, targeting both Windows and macOS users of the compromised 3CX softphone app. The malware harvests system information and steals data and stored credentials from Chrome, Edge, Brave, and Firefox user profiles. The trojanized client connects to attacker-controlled domains, so outbound connections from the desktop app to unfamiliar hosts are a useful hunting signal. Multiple customers reported that the VoIP client had been flagged as malicious by various security products.