3CX Supply Chain Attack
3CX VoIP DesktopApp Campaign & Supply Chain Threats
Security researchers observed that threat actors abused a popular business communication software product from 3CX. Reports state that a version of the 3CX VoIP (Voice over Internet Protocol) desktop client was trojanized and is being used to attack multiple organizations.
Background
3CXDesktopApp is a voice and video conferencing Private Automatic Branch Exchange (PABX) enterprise call routing software developed by 3CX, a business communications software company. The company website claims that 3CX has 600,000 customers and over 12 million daily users. 3CX customers span multiple sectors, including automotive, hospitality, food & beverage, Managed Information Technology Service Providers (MSPs) and manufacturing. According to the vendor, "this appears to have been a targeted attack from an Advanced Persistent Threat, perhaps even state sponsored, that ran a complex supply chain attack." Because the software is widely deployed across different sectors and organizations, this has the potential to be a massive supply chain attack, similar to past incidents such as the SolarWinds compromise or the Kaseya VSA ransomware attack.
Threat Radar Overall Score: -
CVSS Rating: 7.0
FortiRecon Score: 70/100
Known Exploited: No
Exploit Prediction Score: 0.05%
FortiGuard Telemetry: Analyzing
Latest Development
Recent news and incidents related to this cybersecurity threat, including data breaches, cyber-attacks, security incidents and newly discovered vulnerabilities.
March 30th, 2023: 3CX posted an alert at:
https://www.3cx.com/blog/news/desktopapp-security-alert/
March 30th, 2023: CISA released an alert at:
https://www.cisa.gov/news-events/alerts/2023/03/30/supply-chain-attack-against-3cxdesktopapp
FortiGuard Labs has released updated antivirus definitions and blocked all known IoCs, including domains, C2 servers and IPs related to the attack. The FortiGuard AI/ML engine can prevent and block the download of the malware payload automatically, without any human interaction.
FortiGuard Labs is continually monitoring the situation and will provide new information as it becomes available.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- AV: Blocks malware related to the 3CX Supply Chain Attack
- AV (Pre-filter): Blocks malware related to the 3CX Supply Chain Attack
- Behavior Detection: Blocks malware based on Community Cloud Query
- IPS: Detects and blocks 3CX DesktopApp Supply Chain Backdoor traffic
- Pre-execution: Behavior Detection Engine prevents the malicious app from downloading the 3CX payload
- Web Filter: Blocks known IOCs related to the 3CX Supply Chain Attack
- Post-execution: Behavior Detection Engine detects and blocks malicious activities related to the 3CX Attack
- Botnet C&C: Blocks known C2 servers related to the 3CX Supply Chain Attack
- Threat Hunting
- IOC: Blocks known IOCs related to the 3CX Supply Chain Attack
- Outbreak Detection
- Assisted Response Services: Experts to assist you with analysis, containment and response activities.
- FortiRecon: ACI
- Automated Response: Services that can automatically respond to this outbreak.
- FortiClient Forensics
- InfoSec Services: Security readiness and awareness training for SOC teams, InfoSec and general employees.
- Attack Surface Monitoring (Inside & Outside): Security reconnaissance and penetration testing services, covering both internal & external attack vectors, including those introduced internally via the software supply chain.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Indicators of compromise
Mitre Matrix
References
Sources of information relating to this outbreak and the affected vendor.