The ACSC is aware of a reported supply chain compromise affecting the 3CX DesktopApp, allowing malicious actors to conduct multi-stage attacks against users of the legitimate software. Australian users of affected versions of 3CX DesktopApp should immediately follow the vendor's advice and investigate for signs of malicious activity.
Background / What has happened?
Open source reports have emerged describing a supply chain compromise affecting multiple versions of 3CX DesktopApp for Windows and Mac.
3CX DesktopApp is a voice and video conferencing app. Reports suggest malicious actors have been able to modify the legitimate 3CX DesktopApp installer to trojanise the software, potentially enabling further malicious activity, such as installation of malware, against users of affected software versions.
The ACSC is aware of reports suggesting there is an active state-sponsored intrusion campaign targeting 3CX DesktopApp users. The ACSC has not received any reports of Australian organisations targeted in this campaign.
Reports relating to this campaign, and accompanying indicators of compromise (IOCs) are available from:
Mitigation / How do I stay secure?
3CX advises customers who use the affected desktop client to uninstall the software and use the browser-based Web App (PWA) until 3CX can deliver a new, secure version.
The ACSC recommends users of 3CX DesktopApp review the Security Alert published by 3CX and continue to review and follow the vendor's advice.
- Security Alert published by 3CX
Additional Alerts have been published by:
- United States Cybersecurity & Infrastructure Security Agency (CISA)
- Canadian Centre for Cyber Security
Assistance / Where can I go for help?
The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).