3CX supply chain attack: What do we know?
Five days have passed since the supply chain attack targeting 3CX customers gained wider public attention, but the software's manufacturer has yet to confirm how the Windows and macOS desktop apps were compromised by the attackers.
"On March 29th, 3CX received reports from a third party of a malicious actor exploiting a vulnerability in our product. We took immediate steps to investigate the incident, retaining Mandiant, leading global cybersecurity experts," 3CX CEO Nick Galea stated on Sunday.
There has been no mention of the fact that customers started warning 3CX about their EDRs reporting suspicious activity related to the app as far back as March 22.
Subsequent analyses of the trojanized apps, the uncovered malware delivery infrastructure, and the actual malware have revealed that some of the network infrastructure used in the attack was registered in February 2022, and that the first identified version of the compromised macOS Electron app was spotted in January 2023.
"The impacted 3CX Electron Desktop App was bundled with an infected library file named ffmpeg.dll. This infected library further downloads another encrypted file d3dcompiler_47.dll. This file has functionality to access .ico files hosted on GitHub which contain CnC information. These CnC domains are used to deliver the final payload which allows the attacker to perform malicious activity in the victim's environment," Zscaler researchers succinctly explained.
How many companies have been compromised in the 3CX supply chain attack?
News URL
https://www.helpnetsecurity.com/2023/04/03/3cx-supply-chain-attack/
Related news
- LottieFiles hit in npm supply chain attack targeting users' crypto
- LottieFiles hacked in supply chain attack to steal users’ crypto
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer
- Blue Yonder ransomware attack disrupts grocery store supply chain
- OpenWrt orders router firmware updates after supply chain attack scare
- Update your OpenWrt router! Security issue made supply chain attack possible
- Ultralytics Supply-Chain Attack
- 390,000 WordPress accounts stolen from hackers in supply chain attack
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack