Sophisticated 3CX Software Supply Chain Attack Affects Millions of Users

On March 29th, 2023, it was published that 3CX, the international VoIP IPBX software, was under an ongoing software supply chain attack. The attackers had trojanized the 3CX communication installer software, reportedly used by over 12 million users daily. Several endpoint security vendors, such as SentinelOne and CrowdStrike, identified this attack. Some reports link this attack to the notorious Lazarus group, the cybercrime group linked to the government of North Korea, as part of their wide activity targeting.

The 3CX company, which develops the 3CXDesktopApp, an enterprise call routing software that enables voice and video conferencing using a Private Automatic Branch Exchange (PABX) system, asserts that it has over 600,000 customers and 12 million users across 190 countries. Among its clientele are renowned corporations such as Mercedes Benz, American Express, BMW, McDonald's, Ikea, Pepsi, and many more top-tier companies.

Customers that have downloaded the malicious installer are facing significant risk because the 3CX software is intended to handle internal communication and access sensitive information. The malicious program can also collect sensitive information stored on victims' computers.

The post Sophisticated 3CX Software Supply Chain Attack Affects Millions of Users appeared first on Security Boulevard.