Skip to content

Europe, North America Most Impacted by 3CX Supply Chain Hack “7 Ways to Improve Your Time Management Skills” “7 Strategies to Enhance Your Time Management Abilities”

Organizations in Europe, North America and Australia seem to be the most affected by the supply chain hack targeting business communication company 3CX. According to data compiled by Fortinet, the highest percentage of victims is located in Italy, followed by Germany, Austria, the United States, South Africa, Australia, Switzerland, the Netherlands, Canada and the United Kingdom. Europe tops the chart with 60%, while North America follows with 16%.

The attackers likely had access to 3CX systems for months before the breach was detected, exploiting the file signature-related vulnerability CVE-2013-3900 which had an opt-in fix released by Microsoft a decade ago. The attackers are believed to have compromised 3CX’s development systems and abused them to deliver a piece of malware, including a malicious component designed for data harvesting.

BlackBerry’s security researchers have seen many apparent victims in Australia, the United States and the United Kingdom, across the healthcare, pharmaceutical, IT, and financial sectors. An online tool has been created to help users determine if they may have been affected by the attack. 3CX has advised customers to uninstall the impacted apps and use the PWA web client instead.

The security community has criticized 3CX for the way it has responded to the breach, especially for ignoring customer reports about the application being detected as malware by multiple cybersecurity products. CrowdStrike and Sophos have found links to the North Korean threat actor Lazarus, and 3CX has confirmed that the incident was carried out by a highly experienced and knowledgeable hacker.

In conclusion, the supply chain hack targeting 3CX has had the highest impact in Europe, North America and Australia. Evidence suggests that the attackers had access to the company’s systems for months, exploiting a decade-old vulnerability to deliver a piece of malware. An online tool has been released to help users determine if they may have been affected, while 3CX has been criticized for its response. The attack is believed to have been linked to the North Korean threat actor Lazarus, with 3CX confirming it was carried out by a highly experienced and knowledgeable hacker.

Key Points:
• Organizations in Europe, North America and Australia have been the most affected by the 3CX supply chain hack.
• Evidence suggests the attackers had access to 3CX systems for months and exploited CVE-2013-3900 for initial access.
• An online tool has been released to help users determine if they may have been affected.
• 3CX has been criticized for its response to the attack.
• The attack is believed to have been linked to the North Korean threat actor Lazarus.

Leave a Reply

Your email address will not be published. Required fields are marked *