3CX Softphone compromised (CEO confirms)

JustInTech

Looks like a supply chain attack on 3CX


Update: Also, just received an email alert from Huntress:
--------------------------------
On March 29th, CrowdStrike announced publicly that they discovered the 3CX VoIP Desktop Application was compromised and being used for malicious activity. Huntress added increased monitoring for malicious activity related to the 3CX application on your hosts since the announcement while we investigated and validated this compromise.

While we have not yet seen indications of malicious activity related to this supply chain attack on your host, we recommend that you remove the 3CX software from this system as it is a potentially compromised version. We understand that this may impact operations if this is your only method of phone communications, and we encourage you to assess your own risk as you decide if removing the 3CX application is viable.

If removing 3CX is not a viable option, you should take additional measures to prevent compromise such as blocking known malicious IP addresses at your firewall and ensuring all your antivirus software is up to date. You may be able to revert back to an older version of the software, but you will need to take measures to ensure that it does not automatically update again to a compromised version.

Thank you for trusting the Huntress team.
--------------------------------
 