3CX: Supply Chain Attack Affects Thousands of Users Worldwide
North Korean-sponsored actors believed to be linked to attack that Trojanized several versions of 3CX DesktopApp
UPDATE March 30 2023 9:07 UTC: Our blog has been updated with technical analysis of the malware used.
Attackers believed to be linked to North Korea have Trojanized 3CX DesktopApp, a widely used voice and video calling desktop client. In an attack reminiscent of SolarWinds, installers for several recent Windows and Mac versions of the software were compromised and modified by the attackers to deliver additional information-stealing malware to the user’s computer. The information gathered by this malware presumably allowed the attackers to gauge whether the victim was a candidate for further compromise.
Attack chain
The attackers compromised installer files for at least two Windows versions (18.12.407 and 18.12.416) and two Mac versions (8.11.1213 and latest) of 3CX DesktopApp. The installers contained clean versions of the app along …
IoC