Top Threats

3CXDesktop and Supply Chain Incident

    Posted Apr 04, 2023 11:55:00 AM

    On or around 29th March 2023, CrowdStrike observed malicious activity from legitimate signed binaries for the application 3CXDesktop. On 30th March 2023 an engagement ensued. The attack chain indicates that it was a trojanised application with a dynamic link library (DLL) of a malicious version of an open source video player. The DLL is loaded by the 3CXDesktop executable, which then runs from a GitHub library. It is recommended that any organisations check whether they use this player or have it installed. Vendor reporting suggests that it is affiliated with state-sponsored activity. Indicators of compromise have been included in the respective sourced reports.

    Sources: CrowdStrike

    Derek Buchanan
    Threat Intel lead