As a cybersecurity-focused MSP, we at Tech Troubleshooters understand the importance of keeping you informed of the latest cybersecurity threats and best practices. This post is about the recent 3CX supply chain attack.
Only the 3CX desktop app is at risk. The app, which is available for Windows, macOS, and Linux, was recently compromised by a trojanized version that allows attackers to steal data and credentials from user profiles. Both Windows and macOS versions of the desktop app have been targeted, putting thousands of businesses at risk.
The desktop app is used by 600,000 customers in 190 countries. Notable customers include American Express, Coca-Cola, McDonald’s, BMW, Honda, Air France, NHS, Toyota, Mercedes-Benz, IKEA, Holiday Inn, and many others.
According to alerts from security researchers at Sophos and CrowdStrike, the attackers are targeting both Windows and macOS users of the compromised 3CX desktop app. CrowdStrike believes that a North Korean state-backed hacking group, Labyrinth Chollima, is behind this attack, while Sophos’ researchers say they “cannot verify this attribution with high confidence.” Labyrinth Chollima activity overlaps with other threat actors, tracked as Lazarus Group by Kaspersky, Covellite by Dragos, UNC4034 by Mandiant, Zinc by Microsoft, and Nickel Academy by Secureworks.
If you are a Tech Troubleshooters client, no action is required. We run layered security, including SentinelOne’s advanced endpoint protection, to keep our clients’ systems safe from advanced threats. Rest assured that we take the security of your business seriously, and we continuously monitor the situation to ensure our clients remain protected.
If you are NOT currently a Tech Troubleshooters client, we encourage you to contact us for a consultation. Our team can help you assess your current security posture and provide recommendations for improving your cybersecurity strategy.