Summary
This document is a threat alert issued by the Cybereason Global Security Operations Center (SOC) regarding a supply chain attack involving the 3CXDesktopApp. The alert details the nature of the attack, which exploits vulnerabilities in the software to deliver malicious payloads. The compromised application, used for calls and video conferencing, has been trojanized to communicate with command-and-control servers, leading to potential credential theft and data exfiltration. The document outlines key observations, including the involvement of a state-sponsored adversary and the use of advanced techniques to infiltrate the application. It also discusses the detection and prevention measures implemented by Cybereason, including the Variant Payload Protection (VPP) module. Recommendations are provided for organizations to secure their systems against this threat, including deploying sensors, removing the compromised software, and blocking malicious domains. The alert emphasizes the need for vigilance in cybersecurity practices to mitigate risks associated with supply chain vulnerabilities.
