Cybersecurity Cybersecurity and Infrastructure Security Agency

Supply Chain Attack Against 3CXDesktopApp

3CXDesktopApp — a voice and video conferencing app — was trojanized, potentially leading to multi-staged attacks against users employing the vulnerable app.

By Homeland Security Today

March 31, 2023

CISA is aware of open-source reports describing a supply chain attack against 3CX software and their customers. According to the reports, 3CXDesktopApp — a voice and video conferencing app — was trojanized, potentially leading to multi-staged attacks against users employing the vulnerable app.

CISA urges users and organizations to review the following reports for more information, and hunt for the listed indicators of compromise (IOCs) for potential malicious activity:

CrowdStrike: Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers
SentinelOne: SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack
DesktopApp: 3CX DesktopApp Security Alert

Read more at CISA

Homeland Security Today

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

See Full Bio

Chris Pietrzak Joins goTenna in VP Role

GAO: Report Highlights DoD Challenges in Counternarcotics Coordination and Effectiveness Assessment

Valens Global Launches New Practice Group to Tackle Digital Threats and Harness Opportunities

Heather Carr Spearheads Civilian IT Growth at Leidos as New Strategy Lead

GAO: Report Highlights DoD Challenges in Counternarcotics Coordination and Effectiveness Assessment

DHS FY25 Budget Proposal: Seeking Resources to Enhance Homeland Security

DHS Launches “Know2Protect” Campaign to Combat Online Child Exploitation

GAO: DHS Streamlines Internal Collaboration to Enhance Information Sharing and Threat Response

Supply Chain Attack Against 3CXDesktopApp

Related Articles

USCIS Announces Open Application Period for the Citizenship and Integration Grant Program

Chris Pietrzak Joins goTenna in VP Role

California Could Ban ‘Clear’, Which Lets Travelers Pay to Skip TSA Lines

LEAVE A REPLY Cancel reply

Latest Articles

USCIS Announces Open Application Period for the Citizenship and Integration Grant Program

Chris Pietrzak Joins goTenna in VP Role

California Could Ban ‘Clear’, Which Lets Travelers Pay to Skip TSA Lines

Mexican National Gets 2-Year Sentence for Illegal Re-entry and ID Fraud in the U.S.

TSA Explosives-Sniffing Dog Retires from Duty at Reagan National Airport