
Elastic users protected from SUDDENICON’s supply chain attack

2023-03-30, Elastic
https://www.elastic.co/kr/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack
#SUDDENICON #SupplyChain #3CXDesktopApp #SmoothOperator

Contents

Elastic alert telemetry has observed protection events related to the supply chain attacks targeting the 3CXDesktopApp update process.
- Elastic users are protected from the supply chain attack targeting 3CX users
- How the execution flow operates is actively being investigated by Elastic Security Labs and other research teams
- Irrespective of the anti-malware technology you are using, shellcode and process injection alerts for 3CX should not be added to exception lists
On March 29, 2023, CrowdStrike reported a potential supply-chain compromise affecting 3CX VOIP softphone users as detailed in a Reddit post. Elastic Security Labs continues to monitor telemetry for evidence of threat activity and will provide updates as more evidence becomes available. The earliest period of potentially malicious activity is currently understood to be on or around March 22, 2023 as reported by Todyl.
3CX states it is used by over 600,000 companies and over 12,000,000 users, so Elastic Security Labs is releasing …

IoC

5407cda7d3a75e7b1e030b1f33337a56f293578ffa8b3ae19c671051ed314290
59e1edf4d82fae4978e97512b0331b7eb21dd4b838b850ba46794d9c7a2c0983
7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896
92005051ae314d61074ed94a52e76b1c3e21e7f0e8c1d1fdd497a006ce45fa61
aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868
b86c695822013483fa4e2dfdf712c5ee777d7b99cbad8c2fa2274b133481eadb
c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02
dde03348075512796241389dfea5560c20a3d2a2eac95c894e7bbed5e85a0acc
e6bbc33815b9f20b0cf832d7401dd893fbc467c800728b5891336706da0dbcec
fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405
http://Zacharryblogs.com
http://akamaicontainer.com
http://akamaitechcloudservices.com
http://azuredeploystore.com
http://azureonlinecloud.com
http://azureonlinestorage.com
http://dunamistrd.com
http://glcloudservice.com
http://journalide.org
http://msedgepackageinfo.com
http://msstorageazure.com
http://msstorageboxes.com
http://officeaddons.com
http://officestoragebox.com
http://pbxcloudeservices.com
http://pbxphonenetwork.com
http://pbxsources.com
http://qwepoi123098.com
http://sbmsa.wiki
http://sourceslabs.com
http://visualstudiofactory.com
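The hashes and domains above are only useful if they get checked against local telemetry. The script below is an added example and is not code from the Elastic write-up or the aggregator page: it takes the indicators exactly as listed in the IoC section and matches them against two constructed record types, a sha256sum-style file inventory and BIND-style DNS query log lines. The log formats, hostnames and file paths in the samples are made up for the demonstration. Two details matter in practice: the post lists one domain with mixed case (Zacharryblogs.com), so comparison has to be case-insensitive, and C2 is often reached through a subdomain, so a DNS match should cover subdomains of the listed names as well as exact hits.

```python
"""Match the SUDDENICON indicators from this post against local telemetry.

Added example, not part of the Elastic post. Indicators are copied verbatim
from the IoC section; the sample inventory and DNS lines below are constructed.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# SHA-256 hashes as listed in the IoC section (compared case-insensitively).
IOC_SHA256 = {
    "5407cda7d3a75e7b1e030b1f33337a56f293578ffa8b3ae19c671051ed314290",
    "59e1edf4d82fae4978e97512b0331b7eb21dd4b838b850ba46794d9c7a2c0983",
    "7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896",
    "92005051ae314d61074ed94a52e76b1c3e21e7f0e8c1d1fdd497a006ce45fa61",
    "aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868",
    "b86c695822013483fa4e2dfdf712c5ee777d7b99cbad8c2fa2274b133481eadb",
    "c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02",
    "dde03348075512796241389dfea5560c20a3d2a2eac95c894e7bbed5e85a0acc",
    "e6bbc33815b9f20b0cf832d7401dd893fbc467c800728b5891336706da0dbcec",
    "fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405",
}

# Network indicators as listed in the IoC section (URL form, mixed case kept).
IOC_URLS = [
    "http://Zacharryblogs.com", "http://akamaicontainer.com",
    "http://akamaitechcloudservices.com", "http://azuredeploystore.com",
    "http://azureonlinecloud.com", "http://azureonlinestorage.com",
    "http://dunamistrd.com", "http://glcloudservice.com",
    "http://journalide.org", "http://msedgepackageinfo.com",
    "http://msstorageazure.com", "http://msstorageboxes.com",
    "http://officeaddons.com", "http://officestoragebox.com",
    "http://pbxcloudeservices.com", "http://pbxphonenetwork.com",
    "http://pbxsources.com", "http://qwepoi123098.com",
    "http://sbmsa.wiki", "http://sourceslabs.com",
    "http://visualstudiofactory.com",
]


def normalize_domain(value: str) -> str:
    """Reduce a URL or bare hostname to a lower-case host without trailing dot."""
    host = urlparse(value).hostname if "://" in value else value
    return (host or "").rstrip(".").lower()


IOC_DOMAINS = {normalize_domain(u) for u in IOC_URLS}


def hash_matches(digest: str) -> bool:
    """True if a SHA-256 hex digest (any case, surrounding whitespace) is an IoC."""
    return digest.strip().lower() in IOC_SHA256


def domain_matches(queried: str) -> Optional[str]:
    """Return the IoC domain hit by an exact name or any of its subdomains."""
    labels = normalize_domain(queried).split(".")
    # Walk from the full name down to the registrable parent, never to the TLD.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return candidate
    return None


def scan_hash_inventory(lines: List[str]) -> List[Tuple[str, str]]:
    """Scan sha256sum-style lines ('<hex>  <path>'); return (hash, path) hits."""
    hits = []
    for line in lines:
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and hash_matches(parts[0]):
            hits.append((parts[0].lower(), parts[1]))
    return hits


# Assumed BIND-style query log: "... query: <qname> IN <type> ..."
DNS_QUERY_RE = re.compile(r"query: (?P<qname>\S+?)\.? IN ")


def scan_dns_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (queried name, matched IoC domain) for each matching DNS log line."""
    hits = []
    for line in lines:
        m = DNS_QUERY_RE.search(line)
        if m and (hit := domain_matches(m.group("qname"))):
            hits.append((m.group("qname"), hit))
    return hits


# Constructed sample telemetry (paths and client addresses are made up).
SAMPLE_HASH_INVENTORY = [
    "59E1EDF4D82FAE4978E97512B0331B7EB21DD4B838B850BA46794D9C7A2C0983  /srv/quarantine/sample-a.bin",
    "0000000000000000000000000000000000000000000000000000000000000000  /srv/quarantine/benign.bin",
]
SAMPLE_DNS_LOG = [
    "30-Mar-2023 10:01:02.123 client 10.0.0.5#53012: query: cdn.akamaicontainer.com IN A + (10.0.0.1)",
    "30-Mar-2023 10:01:03.456 client 10.0.0.5#53013: query: example.com. IN A + (10.0.0.1)",
    "30-Mar-2023 10:01:04.789 client 10.0.0.7#53014: query: ZACHARRYBLOGS.COM IN TXT + (10.0.0.1)",
]

if __name__ == "__main__":
    for digest, path in scan_hash_inventory(SAMPLE_HASH_INVENTORY):
        print(f"HASH HIT {digest} {path}")
    for qname, ioc in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"DNS HIT  {qname} -> {ioc}")
```

Run against a real sha256sum listing or resolver log by passing the lines to `scan_hash_inventory` or `scan_dns_log`; both only read the line format shown in the samples, so adapt `DNS_QUERY_RE` to your resolver's log layout. A hit on any of these indicators warrants treating the host as compromised rather than tuning the alert away, which is the point the post makes about not adding 3CX shellcode or process injection alerts to exception lists.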