Something to watch out for if you are using the 3CXDesktopApp in your environment. There is not much info available at the moment but according to CrowdStrike:
“The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity. “
More here: