3CX VOIP Compromised & Supply Chain Threat

Resources & References surrounding the 3CX exploitation:

CrowdStrike’s original Reddit reporting
https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/
CrowdStrike’s formal blog post
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
Todyl’s reporting
https://www.todyl.com/blog/post/threat-advisory-3cx-softphone-telephony-campaign
SentinelOne’s reporting
https://s1.ai/smoothoperator
Discussion on the 3CX forum and public bulletin board
https://www.3cx.com/community/threads/threat-alerts-from-sentinelone-for-desktop-update-initiated-from-desktop-client.119806/post-558710
https://www.3cx.com/community/threads/3cx-desktop-app-vulnerability-security-group-contact.119930/
https://www.3cx.com/community/threads/crowdstrike-endpoint-security-detection-re-3cx-desktop-app.119934/#post-558726
3CX CEO first official notification
https://www.3cx.com/community/threads/3cx-desktopapp-security-alert.119951/#post-558907
Nextron Systems’ Sigma and YARA rules for detection
https://github.com/Neo23x0/signature-base/blob/master/yara/gen_mal_3cx_compromise_mar23.yar
Unofficial OTX AlienVault Pulse
https://otx.alienvault.com/pulse/64249206b02aa3531a78d020
Kevin Beaumont’s commentary
https://cyberplace.social/@GossiTheDog/110108640236492867
Patrick Wardle’s commentary on the Mac variant
https://twitter.com/patrickwardle/status/1641294247877021696
https://objective-see.org/blog/blog_0x73.html
Huntress blog
https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats
