3CX VOIP Compromised & Supply Chain Threat


Resources & References surrounding the 3CX exploitation:

CrowdStrike’s original Reddit reporting
CrowdStrike’s formal blog post
SentinelOne’s reporting
Discussion on the 3CX forum and public bulletin board
3CX CEO's first official notification
Nextron Systems' Sigma and YARA rules for detection
Unofficial OTX AlienVault Pulse
Kevin Beaumont’s commentary
Patrick Wardle’s commentary on the Mac variant
Huntress blog
Comments

8:22 It makes sense to masquerade as ffmpeg because VOIP would use it and therefore not raise any initial suspicion.

luketurner

This has been a day. Thanks for your summary and as always the amazing work on text and video.
Really looking forward to Mandiant's report and possible movement within 3CX.
With the 3CX customer base, I'll just assume whatever the APT TA wanted to achieve was mostly successful; the last (7d)+24h have been noise.

cheebydi

Great content! Your ability to not only share about the malware, but on possible scope of attack is very insightful.

BlueFolder_zip

I am a Partner that installs 3CX for our customers. That was a doozy of days helping customers here.

birdgamerman

Kudos to you John and the whole Huntress team for all the incredible work you've done to help with this attack. I leaned on this video and your Huntress blog post as references for my own video. My hat is off to you all 😀👍

daniellowrie

Thanks for covering this. It made for a fun morning.

JoshWhite

This was really amazing work by you, thanks John, you always come through!!

DarkFaken

This field has been my favorite to work in. I love how we all come together to smash the TAs.

JzJad

I am glad we caught this early. IR happened today and we are following up tomorrow.

fistfulofhummus

I feel like a big dummy for whitelisting this when SentinelOne started detecting a threat.

Shakedog

That's why it was flagged by Defender today... Damn I REALLY hope they fixed it

theblankuser

Lol, the 3CX CEO isn't taking this breach well.

whyherro

I got wind of this today and started asking on the discord... had a feeling you'd be making a vid on it already. Thank you so much for your quick and hard work. I want to be like you when I grow up.

doinkydeano

Been dealing with this nightmare for past day...

Catge

Thanks a lot for the warning and explanation. Already phoned customers and tightened firewalls.

SKcdman

Dodged a bullet, I was using 3CX previously, but stopped as I don't like phone calls and wondered what was the point of having a phone system then…

jannikmeissner

Our org migrated off 3CX years ago due to how difficult it was to maintain and get support for. Still not great that they had this happen to them.

TheJBerg

Nicely explained. I really needed to understand this incident.

PS: I'm from a non-tech background and although I didn't understand some of the terminology used, I understood the gist.

Thank you.

subro.sengupta

Great writeup on the hack, and thanks. The one question I keep asking is why didn't any SAST/DAST/code review catch this before it showed the IoCs? It's great that every single EDR/XDR can catch this, but my bigger concern is which appscan vendors aren't, and am I using them today? I read in one of the posts that it was digitally signed by Apple, meaning they didn't catch it, so why isn't anyone concerned about that? Maybe I'm missing something.

ghostdancer

Yeah, I was running around all day. I'm glad none of our customers updated yet.

isrgn