Researchers say hackers have compromised the 3CX VoIP IPBX desktop app, used by 600K+ companies and 12M+ daily users, in an ongoing supply chain attack
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target …
BleepingComputer · Sergiu Gatlan
Related Coverage
- SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack SentinelOne · Juan Andrés Guerrero-Saade
- CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers CrowdStrike
- Supply-chain attack on business phone provider 3CX could impact thousands of companies The Record · Alexander Martin
- 3CX users under DLL-sideloading attack: What you need to know Sophos News
- 3CX DesktopApp compromised by supply chain attack CSO · Apurva Venkat
- Developing Story: Information on Attacks Involving 3CX Desktop App Trend Micro
- 3CX Confirms Supply Chain Attack As Researchers Uncover Mac Component SecurityWeek · Eduard Kovacs
- 3CX unified comms users hit by supply chain attacks ComputerWeekly.com · Alex Scroxton
- A VoIP service used by some of the world's biggest firms has been hacked TechRadar
- 3CX VoIP App Compromised By Supply Chain Attack: Security Researchers CRN · Kyle Alspach
- 3CX Desktop App Supply Chain Attack Leaves Millions at Risk - Urgent Update on the Way! The Hacker News
- Supply chain cyberattack with possible links to North Korea could have thousands of victims globally CyberScoop · AJ Vicens
- Unfolding as we speak. SentinelOne Labs team has been tracking since March 22nd. For SentinelOne customers, no action is needed. … Jason Duerden
Discussion
- 3CX Forums · Nick Galea on X: 3CX DesktopApp Security Alert
- @_johnhammond · John Hammond on X: 3cx official post. https://www.3cx.com/...
- @weldpond · Chris Wysopal on X: This supply chain attack, dubbed ‘SmoothOperator’ by SentinelOne, starts when the MSI installer is downloaded from 3CX's website or an update is pushed to an already installed desktop application. https://www.bleepingcomputer.com/ ...
- @vxunderground on X: @CrowdStrike ... .@SentinelOne has released an in-depth analysis of the malware and payload, they have dubbed it ‘SmoothOperator’. The final payload exfiltrates data from web browsers Chrome, Edge, Brave, and Firefox. tl;dr largest data theft in history? https://www.sentinelone.c…
- @gi7w0rm on X: ⚠️ @SentinelOne is investigating an ongoing supply chain attack on the #3CXDesktopApp. 3CXDesktopApp is a voice and video conferencing Private Automatic Branch Exchange (PABX) enterprise call routing software developed by 3CX, a business communications https://www.sentinelone.com…
- @kostastsale · Kostas on X: There is a cred harvesting aspect, as noted by SentinelOne 👇 https://www.sentinelone.com/ ... This happens after the payload is downloaded from GitHub and runs in memory. DPRK is once again looking to fund their operations by emptying your people's bank account and bitcoin wallet…