Overview
3CX, the enterprise-communications software producer, has confirmed that multiple versions of its desktop app for Windows and macOS have been subjected to supply-chain attacks.
The affected versions are 18.12.407 and 18.12.416 for Windows, and 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 for macOS.
Users of this software are strongly recommended to update to version 18.12.422 as soon as possible.
If you think that your organisation uses or might be using 3CX phone system software, please check with your IT provider as soon as possible.
The attacks appear to have begun on 22 March 2023; their extent is currently unknown. Threat actors are adding installers to affected devices, which then communicate with various command-and-control (C2) servers. A North Korean threat actor is believed to be behind these attacks.
Recommended Action
3CX On-Premise and Self-Hosted customers are encouraged to visit the 3CX website as soon as possible:
3CX – Security Alert Blog