43. 3CX Supply Chain Attack
Hackers compromise 3CX desktop app in a supply chain attack
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack.
www.bleepingcomputer.com
https://www.3cx.com/blog/news/desktopapp-security-alert/
https://www.malwarebytes.com/blog/news/2023/03/3cx-desktop-app-used-in-a-supply-chain-attack
IoC
- 11be1803e2e307b647a8a7e02d128335c448ff741bf06bf52b332e0bbf423b03
- 82a2dafd6ce594f2cf8588f32585c71be2180fc4cf9a144e300b1692f3de5807
- 7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896
- 72349cf4971607c1bc66314069f0c864e8aa4336a663f2afbc2cb7e852465430
- 4f5ba87f8539711474e475c4e77c63dbb880d6bf4083b5fe97832fad6255b873
- 6e912515420f0a7f3898995fa252832e9a12fe1bde90deb0ff9ee6612505d206
- 851c2c99ebafd4e5e9e140cfe3f2d03533846ca16f8151ae8ee0e83c692884b7