all InfoSec news
Sophisticated 3CX Software Supply Chain Attack Affects Millions of Users
Security Boulevard securityboulevard.com
On March 29th, 2023, it was published that 3CX, the international VoIP IPBX software, was under an ongoing software supply chain attack. The attackers had trojanized the 3CX communication installer software, reportedly used by over 12 million users daily. Several endpoint security vendors, such as SentinelOne and CrowdStrike, identified this attack. Some reports link this attack to the notorious Lazarus group, the cybercrime group linked to the government of North Korea, as part of their wide activity targeting. …
3cx 3cxdesktopapp appsec attack attackers call communication crowdstrike cybercrime daily endpoint endpoint security enterprise explainers government installer international korea lazarus lazarus group link march north north korea reports routing security sentinelone software software supply chain software supply chain attack supply supply chain supply chain attack targeting threats under vendors voip