CrowdStrike's intelligence team is in contact with 3CX. At the time of writing, activity was observed on both Windows and macOS. The 3CXDesktopApp is available for Windows, macOS, Linux and mobile devices. OverWatch has notified customers where hands-on keyboard activity has been observed, and Falcon Complete is in contact with customers where the 3CXDesktopApp is present. The products Falcon Prevent and Insight have behavioral prevention measures and atomic detections that target 3CXDesktopApp misuse. The malicious activities include beaconing to actor-controlled infrastructure, second-stage payload delivery, and in a few cases, hands-on keyboard activity.

Security vendor CrowdStrike reports that on March 29, 2023, their Falcon OverWatch product observed unexpected malicious activity originating from a legitimate signed binary, 3CXDesktopApp, a softphone application from 3CX. On, there is the second thread // // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers // with more information. There is a suspicion that the software, specifically its 3CX Desktop App, might be compromised.

Hints about compromise

A blog reader emailed me a few hours ago to alert me to the thread 3CX likely comprised, take action.

3CX Desktop App is an application that can be used to make calls directly on the desktop using a headset. The 3CX phone system, an open standards software-based phone system, was originally only usable on Windows, but since 2016 can also be used on Linux and cloud platforms. 3CX is an international developer of VoIP IPBX software.