#3cxpocalypse, like the #LastPass breach, was facilitated in part by vulnerable software downloaded to an employee's home computer, which then had access to company systems. Securing remote access is an increasingly hot topic: https://www.techtarget.com/searchitoperations/news/365534899/Securing-remote-access-grows-crucial-for-DevSecOps
Securing remote access grows crucial for DevSecOps

Between remote work and hybrid cloud lies a menacing security gap that experts warn more and more businesses will fall into without a cohesive approach.

TechTarget

Looks like #3cxpocalypse MAY actually be #3cx rainstorm … with much less damage than expected.

“Kaspersky has now found that the #hackers combed through the victims infected with its corrupted software to ultimately target fewer than 10 machines—at least as far as @Kaspersky could observe so far—and that they seemed to be focusing on #cryptocurrency firms with “surgical precision.””

https://www.wired.com/story/3cx-supply-chain-attack-north-korea-cryptocurrency-targets/

Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms

North Korean hackers appear to have used the corrupted VoIP software to go after just a handful of crypto firms with "surgical precision."

WIRED

#3CX slowly informs customers about details of #3CXpocalypse. I'm positive that next time they will even mention that the Mac version was infected, too. By the way, if an AV detects the 18.12.402 version of the Windows app, that's because that already included the malicious d3dcompiler_47.dll, however there was no infected ffmpeg.dll to use it.

🔎FYI what we call a ‘stealer’ is not really a stealer. It mainly grabs some information from the infected machines to filter the targets and installs a potential other stage #3CX #3CXpocalypse #infosec

🍏Diving into the 3CX Mac OS edition analysis, here is the preliminary diagram of the attack flow. I hope it will give you a broader understanding! 💥 #3CX #3CXpocalypse #infosec

Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1641737567715438592#m

R to @TheHackersNews: The attack appears to have compromised 3CX's software build pipeline to distribute Windows and #macOS versions of the app package or poisoned an upstream dependency. The scale of the attack is currently unknown. 🔎

#cybersecurity #3CX #3CXpocalypse #3CXDesktopApp


🔍 If you are looking for a comprehensive overview of the current #3CX supply chain attack, I created a diagram that shows the attack flow for the Windows version! 💥

I'll update as soon as the analysis progresses. #cybersecurity #infosec #supplychainattack #3CXpocalypse

3CX VoIP Software Compromise & Supply Chain Threats

The 3CX VoIP Desktop Application has been compromised to deliver malware via legitimate 3CX updates. Huntress has been investigating this incident and working to validate and assess the current supply chain threat to the security community.

The indicators from @crowdstrike (and others) on the compromise of the 3CX desktop app have been published via the @misp OSINT feed of botvrij.eu. You can also get them directly at
botvrij.eu/data/feed-osin…
#3CXpocalypse #3CX