Active Intrusion Campaign Targeting 3CXDesktopApp Customers

Forum|Forum|2 years ago
March 30, 2023
5 comments
71 views

+7

dips
On the path to Greatness

Something to watch out for if you are using the 3CXDesktopApp in your environment. There is not much info available at the moment but according to CrowdStrike:

“The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity. “

More here:

+12

Michael Melter
Veeam Legend
Forum|Forum|2 years ago
March 30, 2023

That’s quite an attack. We right away informed customers we know to use 3CX systems.

Here some recent intel from 3CX: https://www.3cx.com/community/threads/3cx-desktopapp-security-alert.119951/

Like

+8

marco_s
On the path to Greatness
Forum|Forum|2 years ago
March 30, 2023

It seems “only” version numbers 18.12.407 & 18.12.416 are affected: https://www.3cx.com/blog/news/desktopapp-security-alert/

Marco Sorrentino - Italy | System Engineer | VMCE & VMCA

Like

+11

Iams3le
Veeam Legend
Forum|Forum|2 years ago
March 30, 2023

Great share @dips!

[Microsoft MVP 2x | Veeam Legend (2021 -2025) | VMware vExpert 5x | Cisco Champion 3x | Object First Ace 2x]

Like

+7

dips
Author
On the path to Greatness
Forum|Forum|2 years ago
March 30, 2023

It's going to be really interesting once the info is out about what exactly happened but looks to be quite bad. Especially with the large amount of high profile clients

Dipen N. K. | IT Security Specialist | Veeam Legend 2022 - 2025 | Cyber Security Space VUG Leader

Like

+21

Chris.Childerhose
Veeam Legend, Veeam Vanguard
Forum|Forum|2 years ago
March 30, 2023

Never really heard about this technology but interesting read for sure. Thanks for sharing.

Like

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded