Sophos X-Ops is tracking a developing situation concerning a seeming supply-chain attack, possibly undertaken by a nation-state-related group. This page provides an overview of the situation, a threat analysis, information for hunters, and information on detection protection. We will update this page as events and understanding develop, including our threat and detection guidance.

Overview

The affected software is 3CX – a legitimate software-based PBX phone system available on Windows, MacOS, Linux, Android, and iOS. Some Windows and MacOS versions of the application have been abused by the threat actor to add an installer that communicates with various command-and-control (C2) servers. The software is a digitally signed version of the softphone desktop client for both Windows and MacOS, which includes a malicious payload. The most common post-exploitation event we have observed to date is the presence of an infostealer that targets the browser(s) on a compromised system.

At present, the only platforms confirmed by our customer data to be affected are Windows and MacOS, which is in agreement with 3CX’s information on affected platforms. At this writing, 3CX has deprecated the affected versions of the Windows application.