On March 29, 2023, multiple security sources began to flag the 3CX VoIP Desktop App, from 3CX, as containing malware that gives attackers control of the workstation it’s installed on. 3CX’s response is to advise uninstalling the 3CX Desktop App until an uninfected version of the software can be published.
The Cytracom Desktop is uncompromised and immediately available for use. https://www.cytracom.com/downloads
All ControlOne subscribers benefit from the proactive implementation of platform-wide restrictions based on the published indicators of compromise associated with the 3CX Desktop App and malicious command-and-control (C2) communications. Additionally, Device Posture Assessment capabilities can be configured to isolate all hosts running the 3CX Desktop App from the rest of your network until the software has been removed or remediated.
While the incident investigation is ongoing, at the time of this writing it is believed that nation-state actors from North Korea are behind the supply chain attack. We have seen this type of behavior before and consider this a sophisticated attack that requires resources available to nation-states; however, we expect these types of compromises to become more commonplace as compute resources become cheaper.
Cytracom is fully invested in producing the best, most secure experience for its partners and subscribers. We continue to make significant investments in our software supply chain and threat detection capabilities to ensure that the software we make available is secure and uncompromised.
This type of attack highlights the importance of software security and the need to carefully monitor and control the software supply chain to prevent attacks like this from occurring. Regardless of Cytracom’s assurances about producing secure software, partners and subscribers should also be vigilant about updating their software and verifying the authenticity of any updates before installing them.
A supply chain attack is a type of cyber attack that targets the software supply chain by compromising one of the components used in the software development process. The goal of this attack is to infect the software with malware or malicious code, which can then be used to gain access to sensitive data or systems.
In the case of the 3CX VoIP Desktop App supply chain attack, the attackers compromised the update mechanism used by the software to deliver updates to users. They were able to replace the legitimate software update with a malicious version that contained a backdoor, allowing them to access and control the victim's system.
The attack was carried out in three stages:
If you are a ControlOne partner and have questions, please contact firstname.lastname@example.org. If you are not yet a ControlOne partner and would like a demo, email email@example.com or request a demo online here.