3CX VoIP Software Compromised in Supply Chain Attack

Security firms CrowdStrike, Sophos, and SentinelOne have warned that a digitally signed version of the 3CX softphone has been turned into a trojan. The compromised software has been installed on both Windows- and Mac-based computers.

So far the most common symptoms are beaconing (reaching out) to the perpetrator’s infrastructure and spawning live command shells. The attack is ongoing and state-level involvement is suspected. In some cases, hands-on-keyboard remote activity has apparently been observed.

There is no published fix or advice from 3CX that we could locate. At this time, uninstalling the software and scanning with security packages appears to be the best defensive move. You can read SentinelOne’s analysis of the campaign here: https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
