Supply Chain Attack Against 3CXDesktopApp
CISA is aware of open-source reports describing a supply chain attack against 3CX software and their customers. According to the reports, 3CXDesktopApp — a voice and video conferencing app — was trojanized, potentially leading to multi-staged attacks against users employing the vulnerable app.
CISA urges users and organizations to review the following reports for more information, and hunt for the listed indicators of compromise (IOCs) for potential malicious activity:
Vendor communications from 3CX:
- 3CX: Security Incident Update Saturday 1 April 2023
- 3CX: Uninstalling the Desktop App from Windows and Mac
- 3CX: Security Alert for Electron Windows App | Desktop App
JCDC partner analysis on 3CX DesktopApp attacks:
- CrowdStrike: CrowdStrike Prevents 3CXDesktopApp Intrusion Campaign
- SentinelOne: SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack
- Broadcom: 3CX: Supply Chain Attack Affects Thousands of Users Worldwide (Symantec Enterprise Blogs)
- Palo Alto Networks: Threat Brief: 3CXDesktopApp Supply Chain Attack (Updated)
- Tenable: 3CX Desktop App for Windows and macOS Reportedly Compromised in Supply Chain Attack
- VMware: Investigating 3CX Desktop Application Attacks: What You Need to Know
- Volexity: 3CX Supply Chain Compromise Leads to ICONIC Incident
- Trend Micro: Information on Attacks Involving 3CX Desktop App
- Zscaler: 3CX supply chain attack analysis | 03-31-2023
- Fortinet: 3CX Desktop App Compromised (CVE-2023-29059) | FortiGuard Labs