
    3CX Desktop VoIP Client Hit with Supply Chain Attack

    • 1337

      The 3CX VoIP Desktop Client was compromised by what is believed to be a threat group associated with the North Korean government. Millions of users of the 3CX software are affected. The malware in the compromised version of the 3CX VoIP client exfiltrated data from affected users, allowing full remote control of infected systems.

      The attack affects both Windows and macOS users. The attack gained notice when 3CX users began complaining that security products were flagging and, in some cases, removing the software from their computers.

      https://www.cisa.gov/news-events/alerts/2023/03/30/supply-chain-attack-against-3cxdesktopapp

      More detailed information and discussions for those that are interested:
      YouTube video

      • scottalanmiller

        Well, everyone using it opted to not have code visibility and self compilation or code verification. Not that people would, but this is a risk people opt for.

        • 1337 @scottalanmiller

          @scottalanmiller said in 3CX Desktop VoIP Client Hit with Supply Chain Attack:

          Well, everyone using it opted to not have code visibility and self compilation or code verification. Not that people would, but this is a risk people opt for.

          It's not that simple, since it was GitHub's open source Electron framework that had been tampered with.

          I don't think it's known where it was hosted though. Could have been GitHub or a local repository. But if I understand correctly, it was only there that it had been compromised, not upstream.

          More info will probably be known in a week or two.

          • scottalanmiller @1337

            @Pete-S said in 3CX Desktop VoIP Client Hit with Supply Chain Attack:

            It's not that simple, since it was GitHub's open source Electron framework that had been tampered with.

            The framework itself, or the framework inside of 3CX? If it was the former, it would hit every project that uses it. If the latter, it would only be 3CX.

            • scottalanmiller @1337

              @Pete-S said in 3CX Desktop VoIP Client Hit with Supply Chain Attack:

              But if I understand correctly, it was only there that it had been compromised, not upstream.

              That's what it seems like from all of the reports. Otherwise there should have been a HUGE report of an open source ecosystem hit. Closed source vendors would have been all over that.
