3CX Desktop VoIP Client Hit with Supply Chain Attack
-
The 3CX VoIP Desktop Client was compromised by what is believed to be a threat group associated with the North Korean government. Millions of users of the 3CX software are affected. The malware in the compromised version of the 3CX VoIP client exfiltrated data from affected users, allowing full remote control of infected systems.
The attack affects both Windows and macOS users. The attack gained notice when 3CX users began complaining that security products were flagging and, in some cases, removing the software from their computers.
https://www.cisa.gov/news-events/alerts/2023/03/30/supply-chain-attack-against-3cxdesktopapp
More detailed information and discussions for those that are interested:
Youtube Video -
Well, everyone using it opted to not have code visibility and self compilation or code verification. Not that people would, but this is a risk people opt for.
-
@scottalanmiller said in 3CX Desktop VoIP Client Hit with Supply Chain Attack:
Well, everyone using it opted to not have code visibility and self compilation or code verification. Not that people would, but this is a risk people opt for.
It's not that simple since it was GitHub's open source Electron framework that had been tampered with.
I don't think it's known where it was hosted though. Could have been GitHub or a local repository. But if I understand correctly it was only there it had been compromised, not upstream.
More info will probably be known in a week or two.
-
@Pete-S said in 3CX Desktop VoIP Client Hit with Supply Chain Attack:
It's not that simple since it was GitHub's open source Electron framework that had been tampered with.
The framework itself, or the framework inside of 3CX? If it was the former, it would hit every project that uses it. If the latter, it would only be 3CX.
-
@Pete-S said in 3CX Desktop VoIP Client Hit with Supply Chain Attack:
But if I understand correctly it was only there it had been compromised, not upstream.
That's what it seems like from all of the reports. Otherwise there should have been a HUGE report of an open source ecosystem hit. Closed source vendors would have been all over that.