SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack - SentinelOne
https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
Objective-See's Blog
https://objective-see.org/blog/blog_0x73.html
3CX Supply Chain Compromise Leads to ICONIC Incident | Volexity
https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/
3CX VoIP Software Compromise & Supply Chain Threats
https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats
// 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers // : crowdstrike
https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/
CrowdStrike Prevents 3CXDesktopApp Intrusion Campaign
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
The Vulkan Files: Secret trove offers rare look into Russian cyberwar ambitions - The Washington Post
https://www.washingtonpost.com/national-security/2023/03/30/russian-cyberwarfare-documents-vulkan-files/
vx-underground - Directory
https://share.vx-underground.org/
3CX users under DLL-sideloading attack: What you need to know – Sophos News
https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/
Qakbot/Qakbot_BB21_30.03.2023.txt at main · pr0xylife/Qakbot · GitHub
https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB21_30.03.2023.txt
‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics | Cyberwar | The Guardian
https://www.theguardian.com/technology/2023/mar/30/vulkan-files-leak-reveals-putins-global-and-domestic-cyberwarfare-tactics
Threat alerts from SentinelOne for desktop update initiated from desktop client | 3CX Forums
https://www.3cx.com/community/threads/threat-alerts-from-sentinelone-for-desktop-update-initiated-from-desktop-client.119806/
Check Point Research on Twitter: "There are at least 3 different trojanized #3CX Windows installers in the recent Supply Chain attack, two MSIs and one NUPKG. As a result, some of the other components may also vary. Those are the malicious installers identified so far: f3d4144860ca10ba60f7ef4d176cc736…" / Twitter
https://twitter.com/i/web/status/1641424448740810754
3CX Security Alert for Electron Windows App | Desktop App
https://www.3cx.com/blog/news/desktopapp-security-alert/
Jon on Twitter: "Head of cyber for the treasury of Britain. £57k https://t.co/rxbS6ssHSe" / Twitter
https://twitter.com/Jontafkasi/status/1641193954778697728
Hackers compromise 3CX desktop app in a supply chain attack
https://www.bleepingcomputer.com/news/security/hackers-compromise-3cx-desktop-app-in-a-supply-chain-attack/
3CX DesktopApp Security Alert | 3CX Forums
https://www.3cx.com/community/threads/3cx-desktopapp-security-alert.119951/
Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign | Rapid7 Blog
https://www.rapid7.com/blog/post/2023/03/30/backdoored-3cxdesktopapp-installer-used-in-active-threat-campaign/
Hackers compromise 3CX desktop app in a supply chain attack
https://www.bleepingcomputer.com/news/security/cybersecurity-firms-warn-of-3cx-desktop-app-supply-chain-attack/
MalwareHunterTeam on Twitter: "@cyb3rops @BleepinComputer "Unfortunately this happened because of an upstream library we use became infected." 👀 https://t.co/dA6rVDuKZS" / Twitter
https://twitter.com/malwrhunterteam/status/1641345575009353729
3CX Desktop App Supply Chain Attack Leaves Millions at Risk - Urgent Update on the Way!
https://thehackernews.com/2023/03/3cx-desktop-app-targeted-in-supply.html
"Vulkan Files" revelations: How Putin's cyber soldiers are taking the war to the internet - DER SPIEGEL
https://www.spiegel.de/politik/deutschland/vulkan-files-enthuellungen-wie-putins-cybersoldaten-den-krieg-ins-internet-tragen-a-bb241ad9-a9c3-422e-af57-ffe59986a1d8
GitHub - binsync/binsync: A collaborative reversing plugin for cross-decompiler collaboration, built on git.
https://github.com/binsync/binsync
Gi7w0rm on Twitter: "⚠️ @SentinelOne is investigating an ongoing supply chain attack on the #3CXDesktopApp. 3CXDesktopApp is a voice and video conferencing Private Automatic Branch Exchange (PABX) enterprise call routing software developed by 3CX, a business communications https://t.co/0kknUp0tXG…" / Twitter
https://twitter.com/i/web/status/1641230790125137921