3CX Supply Chain Attack

Released: Mar 30, 2023

Updated: Apr 05, 2023


Severity: Critical

Platform: VOIP Systems

Vendor: 3CX


3CX VoIP DesktopApp Campaign & Supply Chain Threats

Security researchers observed threat actors abusing popular business communication software from 3CX. Reports indicate that a version of the 3CX VoIP (Voice over Internet Protocol) desktop client was trojanized and is being used to attack multiple organizations.


Background

3CXDesktopApp is a voice and video conferencing Private Automatic Branch Exchange (PABX) enterprise call routing software developed by 3CX, a business communications software company. The company website claims that 3CX has 600,000 customers and over 12 million daily users. 3CX customers are in multiple sectors such as automotive, hospitality, food & beverage, Managed Information Technology Service Provider (MSP) and manufacturing.

According to the vendor, "this appears to have been a targeted attack from an Advanced Persistent Threat, perhaps even state sponsored, that ran a complex supply chain attack." Due to the widespread use of the software across different sectors and organizations, this has the potential to be a massive supply chain attack similar to past incidents such as the SolarWinds incident or the Kaseya VSA ransomware attack.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


March 30th, 2023: 3CX posted an alert at:
https://www.3cx.com/blog/news/desktopapp-security-alert/

March 30th, 2023: CISA released an alert at:
https://www.cisa.gov/news-events/alerts/2023/03/30/supply-chain-attack-against-3cxdesktopapp


FortiGuard Labs has released updated Antivirus definitions and blocked all known IoCs related to the attack, including domains, C2 servers and IPs. The FortiGuard AI/ML engine is able to prevent and block download of the malware payload automatically, without any human interaction.

FortiGuard Labs is continually monitoring the situation and will provide new information as it becomes available.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • AV
  • AV (Pre-filter)
  • Behavior Detection
  • IPS
  • Pre-execution
  • Web Filter
  • Post-execution
  • Botnet C&C

DETECT
  • Threat Hunting
  • IOC
  • Outbreak Detection

RESPOND
  • Assisted Response Services
  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.