TechCrunch

3CX’s supply chain attack was caused by… another supply chain attack

The incident responders investigating how hackers carried out a complex supply-chain attack targeting enterprise phone provider 3CX say the company was compromised by another supply chain attack. 3CX, ...
SiliconANGLE

3CX breach linked to software supply chain attack on third party

A successful breach of videoconferencing and business phone company 3CX Ltd. first reported last month was caused by a software supply chain attack on a third party, Google LLC’s Mandiant has revealed ...
PC Magazine

Hackers Behind 3CX Hijacking Attack Began Infecting the App Weeks Ago

SentinelOne flagged 3CX software as malicious a week before the threat became fully public. The unsettling supply chain attack on VoIP provider 3CX came to light on Wednesday, but it looks like the ...
Bleeping Computer

3CX confirms North Korean hackers behind supply chain attack

VoIP communications company 3CX confirmed today that a North Korean hacking group was behind last month's supply chain attack. "Based on the Mandiant investigation into the 3CX intrusion and supply ...
Wired

The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks

The cybersecurity industry has scrambled in recent weeks to understand the origins and fallout of the breach of 3CX, a VoIP provider whose software was corrupted by North Korea–linked hackers in a ...
PC Magazine

3CX Supply Chain Attack Traced to Employee Who Installed Malicious App

Suspected North Korean hackers compromised a futures trading app that was later installed on a 3CX employee's personal computer. The supply chain attack on the 3CX voice-calling app has been traced ...
CRN

3CX Supply Chain Attack: Big Questions Remain

Of the many unanswered questions about the widely felt compromise, the impact on 3CX’s end customers will be a major one to watch, according to security researchers. Days after the supply chain ...
Computer Weekly

3CX unified comms users hit by supply chain attacks

Customers of 3CX, a unified communications technology supplier, are being targeted by a North Korea-linked advanced persistent threat (APT) actor in a supply chain attack spreading via a compromised ...
Bleeping Computer

3CX warns customers to disable SQL database integrations

Update December 17, 15:30 EST: As shared today by 3CX CEO Nick Galea, the SQL injection flaw was discovered by independent security researcher Theo Stein in the 3CX CRM Integration and is now tracked ...
Infosecurity-magazine.com

North Korean Hackers Use Trojanized 3CX DesktopApp in Supply Chain Attacks

Threat actors suspected to be operating for the North Korean government have been observed trojanizing versions of the voice and video calling desktop client 3CX DesktopApp to launch attacks against ...
Ars Technica

Trojanized Windows and Mac apps rain down on 3CX users in massive supply chain attack

Hackers working on behalf of the North Korean government have pulled off a massive supply chain attack on Windows and macOS users of 3CX, a widely used voice and video calling desktop client, ...