Security News > 2023 > April > 3CX supply chain attack: What do we know?

Five days have passed since the supply chain attack targeting 3CX customers gained wider public attention, but the software's manufacturer is yet to confirm how the Windows and macOS desktop apps have been compromised by the attackers.

"On March 29th, 3CX received reports from a third party of a malicious actor exploiting a vulnerability in our product. We took immediate steps to investigate the incident, retaining Mandiant, leading global cybersecurity experts," 3CX CEO Nick Galea stated on Sunday.

There has been no mention of the fact that customers started warning 3CX about their EDRs reporting suspicious activity related to the app as far back as March 22.

Subsequent analyses of the trojanized apps, the uncovered malware delivery infrastructure, and the actual malware have revealed that some of the network infrastructure used in the attack was registered in February 2022, and that the first identified version of the compromised macOS Electron app was spotted in January 2023.

"The impacted 3CX Electron Desktop App was bundled with an infected library file named ffmpeg.dll. This infected library further downloads another encrypted file d3dcompiler 47.dll. This file has functionality to access.ico files hosted on GitHub which contain CnC information. These CnC domains are used to deliver the final payload which allows the attacker to perform malicious activity in the victim's environment," Zscaler researchers succinctly explained.

How many companies have been compromised in the 3CX supply chain attack?

News URL

https://www.helpnetsecurity.com/2023/04/03/3cx-supply-chain-attack/