• EN

Active Intrusion Campaign Targeting 3CXDesktopApp Customers

dips
Userlevel 7
Badge +7
  • dips
  • Veeam Legend
  • 717 comments

Something to watch out for if you are using the 3CXDesktopApp in your environment. There is not much info available at the moment but according to CrowdStrike:

“The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity. “

More here: 

Dipen N. K. | IT Security Specialist | Veeam Legend 2022 - 2023 | www.dipen.co.uk

5 comments

Michael Melter
Userlevel 7
Badge +8

That’s quite an attack. We right away informed customers we know to use 3CX systems.

Here some recent intel from 3CX: https://www.3cx.com/community/threads/3cx-desktopapp-security-alert.119951/

Michael Melter - #VeeamLegend #veeam100 | VMCT | VMCE9 | VMCE2020 | VMCE2023 | VMCE2021 | VMCAv1 | VMCA2022 | VCP | MCP | DCIE | PhD | VDST TL3
marco_s
Userlevel 7
Badge +7

It seems “only”  version numbers 18.12.407 & 18.12.416 are affected: https://www.3cx.com/blog/news/desktopapp-security-alert/

Marco Sorrentino - Italy | System Engineer | VMCE & Veeam Lover
Iams3le
Userlevel 7
Badge +9

Great share @dips!

[Microsoft MVP | Veeam Legend 5* | VMware vExpert 4* | Cisco Champion 3*]
dips
Userlevel 7
Badge +7

It's going to be really interesting once the info is out about what exactly happened but looks to be quite bad. Especially with the large amount of high profile clients

Dipen N. K. | IT Security Specialist | Veeam Legend 2022 - 2023 | www.dipen.co.uk
Chris.Childerhose
Userlevel 7
Badge +20

Never really heard about this technology but interesting read for sure. Thanks for sharing.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech

Comment


Terms & Conditions