Everyday is lazarus.dayβ

A Comprehensive Analysis of the 3CX Attack

2023-03-31, Cyble
#SupplyChain #3CXDesktopApp #SmoothOperator


InfoStealer Deployed in a Massive Supply Chain Attack
An ongoing supply chain attack has been reported, targeting customers of 3CX, a VoIP IPBX software development company. This attack has been attributed to North Korean Threat Actors (TAs). Currently, the 3CX DesktopApp can be accessed on various platforms, including Windows, macOS, Linux, and mobile.
However, reports have indicated that the ongoing activity related to the supply chain attack has been detected on both Windows and macOS operating systems. The attack involves a Trojanized version of the 3CX, a Voice Over Internet Protocol (VOIP) desktop client, which has been digitally signed. 3CX’s Phone System is utilized by over 600,000 companies globally and has over 12 million daily users.
The highlights of the incident are as follows:
- On March 29, a significant number of EDR providers and antivirus solutions began to identify and signal a warning for the legitimate 3CXDesktopApp.exe binary, which was signed.
- This binary …