Adversaries increasingly using vendor and contractor accounts to infiltrate networks

• Cisco Talos Incident Response (Talos IR) has repeatedly observed attackers targeting and using compromised vendor and contractor accounts  (VCAs) during recent emergency response engagements.


• While high-profile software supply chain compromise events garner significant media attention (e.g., the recent disclosure of supply chain attacks via the 3CX Desktop Softphone application), abuse of third-party workforce accounts is often overlooked.


• VCAs typically have expanded privilege and access. They may be glossed over during account audits because of increased trust placed in the third …

3cx abuse accounts adversaries application attackers attacks attention cisco cisco talos cisco talos incident response compromise compromised contractor desktop disclosure emergency events high incident incident response media networks profile response software software supply chain supply supply chain supply chain attacks supply chain compromise talos talos incident response targeting vendor