Trojanized Windows

Security researchers have identified a large supply chain attack in which trojanized versions of Microsoft Windows and Apple Mac applications were delivered to victims. The attack, which is believed to have been initiated by the mysterious hackers behind the SolarWinds and Hafnium data center infiltration, targets users of the popular 3CX VoIP and video conferencing system.

The attack, first reported by the Secureworks Counter Threat Unit (CTU) researchers, saw the attackers exploit a series of vulnerabilities in the 3CX VoIP and video conferencing platform to hijack and manipulate the system's back-end hosting infrastructure. Specifically, the attackers injected malicious code into the 3CX system, which allowed them to set up two malicious domains used to distribute the trojanized Windows and Mac applications.

The trojanized Windows and Mac applications were reported to contain a malicious payload that, once activated, opens a command and control channel used to manipulate the 3CX system further. The attackers are believed to be using the trojanized applications to gain remote control of victim systems and, through them, access to sensitive customer and corporate data.

What makes this supply chain attack particularly insidious is that it is difficult to detect, because it uses a legitimate software product as the delivery vehicle. The malicious code is hidden within a legitimate, signed software application, so a valid code signature does not reveal it. Once the trojanized application is launched, the attackers can use it to reach the customer's or corporate data.
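Because the trojanized client carries a valid signature, a signature check alone passes; the detection logic below is an added example (not code from the original article, 3CX or Secureworks) that flags a validly signed binary whose hash is not in a vendor-published set and a client process contacting a domain outside its expected allowlist. The domains, hashes and telemetry records are constructed placeholders, not real 3CX values.

```python
import hashlib

# Constructed allowlist of domains the vendor's desktop client is expected to contact
# (placeholder names, not real 3CX infrastructure).
EXPECTED_DOMAINS = {"updates.vendor.example", "telemetry.vendor.example"}

# Constructed "vendor-published" SHA-256 values. They are derived from constructed byte
# strings so the script runs offline; in practice they come from the vendor's advisory.
KNOWN_GOOD_SHA256 = {
    hashlib.sha256(b"constructed good desktop client build").hexdigest(),
}

# Constructed endpoint telemetry: one record per process launch plus its outbound connections.
EVENTS = [
    {"host": "ws01", "process": "VoipDesktopApp.exe", "signature_valid": True,
     "sha256": hashlib.sha256(b"constructed good desktop client build").hexdigest(),
     "destinations": ["updates.vendor.example"]},
    {"host": "ws02", "process": "VoipDesktopApp.exe", "signature_valid": True,
     # validly signed, but the hash does not match any known-good build
     "sha256": hashlib.sha256(b"constructed trojanized build").hexdigest(),
     # second destination is outside the expected allowlist
     "destinations": ["updates.vendor.example", "cdn-static.example.net"]},
]


def audit(events, known_good=KNOWN_GOOD_SHA256, expected_domains=EXPECTED_DOMAINS):
    """Return (host, finding) tuples. Two independent checks, because a valid code
    signature only proves the vendor's signing key was used, not that the build is clean."""
    findings = []
    for ev in events:
        if ev["signature_valid"] and ev["sha256"] not in known_good:
            findings.append((ev["host"], "signed binary, hash not in vendor-published set"))
        for dest in ev["destinations"]:
            if dest not in expected_domains:
                findings.append((ev["host"], f"unexpected outbound destination {dest}"))
    return findings


if __name__ == "__main__":
    for host, msg in audit(EVENTS):
        print(f"{host}: {msg}")
```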

The attack is a stark reminder of the importance of maintaining comprehensive security measures, such as strong authentication and up-to-date security patches, to minimize the risk of supply chain attacks. It is also crucial to ensure that all software applications used to access corporate networks are kept current with regular security patches.

In this instance, 3CX has released a patch for its VoIP and video conferencing platform to protect against the trojanized applications. Companies using 3CX should apply the patch as soon as possible to protect against any potential attack.
