@sebsauvage
Supply chain compromise at softphone vendor #3cx

Several users report that the passwords stored in their browsers were stolen and used.
CISOs at large companies like Pepsi and Mercedes are very upset.

While we validate the alert on our side, emergency uninstall of #3cxdesktopapp across the entire fleet pending Monday.
#3cxapocalypse

https://www.huntress.com/blog/contextualizing-events-enabling-defense-what-3cx-means

Contextualizing Events & Enabling Defense: What 3CX Means

In this blog, we contextualize the events and talk about enabling defense from the 3CX compromise.

My @huntress colleagues @JohnHammond and Matthew Brennan did a bang-up job discussing the #3CX #3CXApocalypse yesterday - now a quick follow-up looking at how this event fits into the narrative of #SupplyChain incidents more generally, and how to orient #Infosec defense to best counter such events:
https://www.huntress.com/blog/contextualizing-events-enabling-defense-what-3cx-means
Contextualizing Events & Enabling Defense: What 3CX Means

In this blog, we contextualize the events and talk about enabling defense from the 3CX compromise.

What's sad is everyone's going to jump on #3CX #3CXApocalypse and forget about CVE-2023-23397
My awesome colleague @JohnHammond worked through the night with fellow @huntress analysts to produce this overview of #3CX #3CXApocalypse attack paths and vendor-neutral defensive guidance. Honestly the best summary and overview of activity since the initial CrowdStrike disclosure. #DFIR #ThreatIntel #CTI
https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats
3CX VoIP Software Compromise & Supply Chain Threats

The 3CX VoIP Desktop Application has been compromised to deliver malware via legitimate 3CX updates. Huntress has been investigating this incident and working to validate and assess the current supply chain threat to the security community.

Oh hey #SupplyChainAttacks are in the #infosec news again - and people still misunderstand them. As we look to #3CX #3CXApocalypse right now, a reminder that #supplychain intrusions are hard, and network defenders have a host of built-in advantages in such events #DFIR #CTI #ThreatIntel
https://pylos.co/wp-content/uploads/2022/10/wp-ghost-in-the-machine-supply-chain.pdf

I hope #infosec consumers are tracking the "time to opportunistic blog" as opposed to, you know, actually working to solve the problem at hand, when it comes to evaluating vendors.

#3CX #3CXApocalypse

For #3CX #3CXApocalypse I'm honestly a bit impressed with the identified malicious infrastructure - there's some obvious pivots and relationships, but overall aside from a "visual check" on domain name similarity these break out into multiple, almost completely distinct clusters by infrastructure characteristics. Looks like #DerpK has been learning.

Image courtesy of the fine folks at @DomainTools