3CX Desktop App Supply Chain Attack Targets Millions – Known Facts and First Expert Comments

3CX has recently encountered a supply chain attack that affected millions of users globally. This attack utilized a technique called DLL side-loading and the malicious files were located on a GitHub repository. The intention of the attackers was to obtain confidential information from popular browsers including Google Chrome, Microsoft Edge, Brave, and Mozilla Firefox. The attack has been linked to a North Korean group called Labyrinth Chollima, which is a sub-group of the Lazarus Group.

3CX has urged customers to uninstall and reinstall the affected app or use the PWA client while the company works on a new build. Android and iOS versions remain unaffected. CrowdStrike has provided further analysis of the attack, and 3CX will continue to provide updates as new information emerges.

To prevent similar attacks in the future, organizations must create a thorough vendor risk management plan and require accountability from third parties. It is also critical to understand that not all software is created equal and to shift to the “left of the shift-left mentality.” Solutions such as IBM’s SBOM Utility and License Scanner and ethical hackers can help build a living, breathing inventory of what’s in use in an organization’s current environment, so organizations can respond quickly to software supply chain disruptions.

3CX recently experienced a devastating software supply chain attack that targeted millions of users worldwide. The attack relies on the DLL side-loading technique, and telemetry indicates the affected builds are limited to the Windows Electron client (versions 18.12.407 and 18.12.416) and the macOS client of the PBX phone system. The malicious files were hosted on a GitHub repository, but have since been taken down. CrowdStrike has attributed the attack to a North Korean nation-state actor known as Labyrinth Chollima, a sub-cluster within the Lazarus Group.

The final payload can steal sensitive data from popular browsers, including Google Chrome, Microsoft Edge, Brave, and Mozilla Firefox. As a temporary solution, 3CX has urged customers to uninstall and reinstall the affected app or use the PWA client while the company works on a new build. Android and iOS versions remain unaffected. Further updates on the situation will be provided as new information emerges.

Expert commentary on the attack stresses the importance of knowing what is in one’s software supply chain and having tools in place to detect and address issues when they arise. Organizations must be proactive in preventing supply chain attacks and be prepared to respond quickly and effectively to emerging threats.
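As an added example of what a queryable inventory buys a defender during an incident like this (example code written for this summary, not code from 3CX, CrowdStrike or IBM’s SBOM Utility), the script below walks a constructed CycloneDX-style SBOM and flags every host carrying one of the client builds named above. The host names, the nested “container” entry and the `host` property convention are constructed assumptions for the sample.

```python
import json
from typing import Dict, Iterable, List

# Constructed CycloneDX-style inventory (sample data, not a real SBOM).
# CycloneDX allows components to nest, so the walk below is recursive.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "application", "name": "3CXDesktopApp", "version": "18.12.407",
         "properties": [{"name": "host", "value": "ws-0101"}]},
        {"type": "application", "name": "3CXDesktopApp", "version": "18.12.300",
         "properties": [{"name": "host", "value": "ws-0102"}]},
        {"type": "container", "name": "finance-laptop-image", "version": "2023.03",
         "properties": [{"name": "host", "value": "lt-0420"}],
         "components": [
             {"type": "application", "name": "3cxdesktopapp", "version": "18.12.416"},
             {"type": "library", "name": "electron", "version": "22.3.3"},
         ]},
    ],
})

# Windows Electron client builds named in the advisory summarized above.
AFFECTED = {"3cxdesktopapp": {"18.12.407", "18.12.416"}}


def _walk(components: Iterable[dict], inherited_host: str = "unknown"):
    """Yield (component, host) pairs, descending into nested component lists.
    A nested component without its own host property inherits its parent's."""
    for comp in components:
        props = {p.get("name"): p.get("value") for p in comp.get("properties", [])}
        host = props.get("host", inherited_host)
        yield comp, host
        yield from _walk(comp.get("components", []), host)


def find_affected(sbom_json: str, affected: Dict[str, set] = AFFECTED) -> List[Dict[str, str]]:
    """Return every inventory entry whose (name, version) is on the affected list.
    Name matching is case-insensitive; versions must match exactly."""
    bom = json.loads(sbom_json)
    hits = []
    for comp, host in _walk(bom.get("components", [])):
        name = comp.get("name", "").lower()
        version = comp.get("version", "")
        if version in affected.get(name, ()):
            hits.append({"name": comp["name"], "version": version, "host": host})
    return hits


if __name__ == "__main__":
    for hit in find_affected(SAMPLE_SBOM):
        print(f"{hit['host']}: {hit['name']} {hit['version']} -> uninstall/reinstall per 3CX guidance")
```

The same query, pointed at a real inventory, turns the vendor advisory into a concrete list of machines to remediate rather than a fleet-wide guess.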

Key Points:

  • 3CX experienced a supply chain attack targeting millions of users worldwide.
  • The attack was attributed to a North Korean nation-state actor known as Labyrinth Chollima.
  • 3CX has urged customers to uninstall and reinstall the affected app or use the PWA client while the company works on a new build.
  • Organizations must create a thorough vendor risk management plan and require accountability from third parties.
  • Solutions such as IBM’s SBOM Utility and License Scanner and ethical hackers can help build a living, breathing inventory of what’s in use in an organization’s current environment.
  • Organizations must be proactive in their efforts to prevent supply chain attacks and be prepared to respond quickly and effectively to potential threats.