
3CX VoIP Software Compromise & Supply Chain Threats

2023-03-30, Huntress
https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats
#SupplyChain #3CXDesktopApp #SmoothOperator #YARA

The 3CX VoIP Desktop Application has been compromised to deliver malware via legitimate 3CX updates. Huntress has been investigating this incident and working to validate and assess the current supply chain threat to the security community.
At 11:40 AM EDT on March 29, 2023, Huntress received an inbound support request from a partner, concerned with a new advisory and discussion on Reddit shared just 30 minutes prior. CrowdStrike was first to sound the alarm on a breaking incident: 3CX VoIP software installations were compromised, delivering malware to hosts running the 3CX desktop app.
Huntress immediately added increased monitoring for malicious activity related to the 3CX application, while working to validate this attack vector so that we could provide as much information as possible to the community.
From 3CX’s recently released notification, the currently known affected 3CX DesktopApp versions are 18.12.407 and 18.12.416 for Windows.
Impact
At the time of writing, Shodan reports there are 242,519 …

IoC
http://akamaicontainer.com
http://akamaitechcloudservices.com
http://azuredeploystore.com
http://azureonlinecloud.com
http://azureonlinestorage.com
http://dunamistrd.com
http://github.com/IconStorages/images
http://glcloudservice.com
http://journalide.org
http://msedgepackageinfo.com
http://msstorageazure.com
http://msstorageboxes.com
http://officeaddons.com
http://officestoragebox.com
http://pbxcloudeservices.com
http://pbxphonenetwork.com
http://pbxsources.com
http://qwepoi123098.com
http://sbmsa.wiki
http://sourceslabs.com
http://visualstudiofactory.com
http://zacharryblogs.com
https://akamaitechcloudservices.com/v2/storage
https://azuredeploystore.com/cloud/services
https://azureonlinestorage.com/azure/storage
https://github.com/IconStorages/images
https://glcloudservice.com/v1/console
https://msedgepackageinfo.com/microsoft-edge
https://msedgeupdate.net/Windows
https://msstorageazure.com/window
https://msstorageboxes.com/office
https://officeaddons.com/technologies
https://officestoragebox.com/api/session
https://pbxcloudeservices.com/phonesystem
https://pbxphonenetwork.com/voip
https://pbxsources.com/exchange
https://raw.githubusercontent.com/IconStorages/images/main/icon%d.ico