Subject Matter Areas Cybersecurity Cybersecurity and Infrastructure Security Agency

Supply Chain Attack Against 3CXDesktopApp

3CXDesktopApp — a voice and video conferencing app — was trojanized, potentially leading to multi-staged attacks against users employing the vulnerable app.

By Homeland Security Today

March 31, 2023

CISA is aware of open-source reports describing a supply chain attack against 3CX software and their customers. According to the reports, 3CXDesktopApp — a voice and video conferencing app — was trojanized, potentially leading to multi-staged attacks against users employing the vulnerable app.

CISA urges users and organizations to review the following reports for more information, and hunt for the listed indicators of compromise (IOCs) for potential malicious activity:

CrowdStrike: Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers
SentinelOne: SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack
DesktopApp: 3CX DesktopApp Security Alert

Read more at CISA

Previous articleMayorkas Discusses New U.S. Efforts to Counter the Misuse of Technology and the Spread of Digital Authoritarianism at Summit for Democracy

Next articleMan Convicted of Louisiana Bombings Gets Sentenced to 16 Years Behind Bars

Homeland Security Today http://www.hstoday.us

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Unannounced Inspections of CBP Facilities in the Rio Grande Valley Area Found Detention and Data Integrity Issues

GTSC’s FITGov Summit 2023: Procurement Pros Know the Recipe to Advance IT Innovations

GTSC’s FITGov Summit 2023: Governing Advanced Technology Before It Governs Us

Administration Updates National AI R&D Strategic Plan, Seeks Public Input on AI Risks and Opportunities

Former Chief Scientist for GTRI Pleads Guilty to Conspiring to Defraud Georgia Tech and the CIA

Maryland Resident Sentenced for Transporting Firearms with Obliterated Serial Numbers and Smuggling Firearms to Nigeria

Unannounced Inspections of CBP Facilities in the Rio Grande Valley Area Found Detention and Data Integrity Issues

San Antonio Man Found Guilty of Funneling Funds to al-Nusra Front

Supply Chain Attack Against 3CXDesktopApp

Related Articles

With Porous Borders and Endemic Corruption, Can Syria Mitigate the Captagon Threat?

SEPTA Announces New Enforcement of Ski Mask Ban Following Violent Incidents

Human Smuggling Attempt Foiled at Harlingen Airport

LEAVE A REPLY Cancel reply

Latest Articles

With Porous Borders and Endemic Corruption, Can Syria Mitigate the Captagon Threat?

SEPTA Announces New Enforcement of Ski Mask Ban Following Violent Incidents

Human Smuggling Attempt Foiled at Harlingen Airport

Former Chief Scientist for GTRI Pleads Guilty to Conspiring to Defraud Georgia Tech and the CIA

Maryland Resident Sentenced for Transporting Firearms with Obliterated Serial Numbers and Smuggling Firearms to Nigeria