Threat Advisory: 3CX Softphone Telephony Campaign

2023-03-30, Todyl
https://www.todyl.com/blog/post/threat-advisory-3cx-softphone-telephony-campaign
#SupplyChain #3CXDesktopApp #SmoothOperator

This is a developing story that teams across Todyl are continuing to track; updates will be provided as necessary. For the latest information, scroll to the bottom of this post.

Todyl is actively tracking a malicious actor campaign targeting users of the 3CX softphone telephony platform. Both preventions and detections across multiple Todyl modules have been released, in addition to active threat hunting from the MXDR Team.

As of 10:43AM MT, VirusTotal is reporting that no vendors are actively detecting this threat. The actions mentioned below significantly reduce the risk of infection for tenants leveraging Todyl’s Endpoint Security, SIEM, and SASE modules.

The campaign is currently attributed to the threat actor LABYRINTH CHOLLIMA, associated with the Democratic People’s Republic of Korea. Todyl’s ATI (Adversary Threat Intelligence) team is continuing to monitor developments and is coordinating with both the MXDR and Detection Engineering teams.

As of 10:35AM MT, the Detection Engineering team performed the …

IoCs (SHA-256 file hashes and URL)

5d99efa36f34aa6b43cd81e77544961c5c8d692c96059fef92c2df2624550734
72349cf4971607c1bc66314069f0c864e8aa4336a663f2afbc2cb7e852465430
aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868
fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405
https://github.com/IconStorages/images
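As an added example (not Todyl's or 3CX's own tooling), the Python below turns the indicators listed above into a local sweep: it hashes files under the directories you name and reports any whose SHA-256 matches the four hashes in the advisory, and it checks proxy log lines for the listed GitHub repository URL. The proxy log lines embedded in the block are constructed samples, and the `scan_paths` and `url_hits` function names are this example's own.

```python
"""Sweep local files and proxy log lines against the 3CX campaign IoCs.

Added example, not Todyl's tooling. The hash and URL indicators are the ones
listed in the advisory above; the sample log lines are constructed.
"""
import hashlib
import os
import sys
from typing import Iterable, Iterator, List, Tuple

# SHA-256 file hashes published in the advisory (lower-case hex).
IOC_SHA256 = {
    "5d99efa36f34aa6b43cd81e77544961c5c8d692c96059fef92c2df2624550734",
    "72349cf4971607c1bc66314069f0c864e8aa4336a663f2afbc2cb7e852465430",
    "aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868",
    "fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405",
}

# Network indicator published in the advisory (a GitHub repository URL).
IOC_URL = "https://github.com/IconStorages/images"

# Constructed proxy log lines for demonstration; the second one touches the IoC URL.
SAMPLE_PROXY_LOG = [
    "2023-03-29T14:01:58Z 10.0.0.12 GET https://update.example.test/check 200",
    "2023-03-29T14:02:11Z 10.0.0.12 GET https://github.com/IconStorages/images/raw/main/icon3.ico 200",
    "2023-03-29T14:02:40Z 10.0.0.13 GET https://github.com/some-org/other-repo 200",
]


def sha256_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """SHA-256 hex digest of a file, read in chunks so large binaries fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def is_known_ioc(hexdigest: str, iocs: Iterable[str] = IOC_SHA256) -> bool:
    """True if the digest is in the IoC set; case is normalised so upper-case
    hashes copied from other reports still match."""
    return hexdigest.strip().lower() in {h.strip().lower() for h in iocs}


def scan_paths(roots: Iterable[str], iocs: Iterable[str] = IOC_SHA256) -> Iterator[Tuple[str, str]]:
    """Walk files or directories and yield (path, digest) for every IoC match.
    Unreadable files are skipped rather than aborting the sweep."""
    wanted = {h.strip().lower() for h in iocs}
    for root in roots:
        if os.path.isfile(root):
            candidates = [root]
        else:
            candidates = (os.path.join(d, f) for d, _, files in os.walk(root) for f in files)
        for path in candidates:
            try:
                digest = sha256_file(path)
            except OSError:
                continue
            if digest in wanted:
                yield path, digest


def url_hits(log_lines: Iterable[str], indicator: str = IOC_URL) -> List[str]:
    """Return log lines that reference the indicator's host and repository path.
    github.com is shared infrastructure, so the host alone is not matched."""
    needle = indicator.split("://", 1)[1].lower()  # "github.com/iconstorages/images"
    return [line for line in log_lines if needle in line.lower()]


if __name__ == "__main__":
    # Usage: python sweep.py DIR [DIR ...]; defaults to the current directory.
    for path, digest in scan_paths(sys.argv[1:] or ["."]):
        print(f"IOC MATCH {digest} {path}")
    for line in url_hits(SAMPLE_PROXY_LOG):
        print(f"URL HIT {line}")
```

The hash comparison is exact-match only, so it finds the specific files listed here and nothing else; treat it as a quick triage check to run alongside, not instead of, the endpoint and SIEM detections the advisory describes.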