
ACSC Warns: 3CX DesktopApp Compromise Affects Users

Australian users of 3CX DesktopApp urged to act. Malware framework EggStreme used in sophisticated attacks. State-sponsored intrusion campaign suspected.


The Australian Cyber Security Centre (ACSC) has raised a medium alert over a supply chain compromise affecting the 3CX DesktopApp, a popular voice and video conferencing tool. Users are urged to review the Security Alert published by 3CX and follow the vendor's advice.

The compromise allows malicious actors to launch multi-stage attacks against users of the legitimate software. The ACSC is monitoring the situation and can provide assistance and advice as required. Australian users of affected versions should immediately investigate for signs of malicious activity.

The affected versions of 3CX DesktopApp for Windows and Mac were manipulated by a threat actor deploying a malware framework known as EggStreme. This framework uses sophisticated techniques, such as renaming malicious DLL files, to evade detection. 3CX advises customers to uninstall the affected desktop client and use the browser-based Web App (PWA) until a new, secure version is delivered. Reports and indicators of compromise (IOCs) are available from CrowdStrike and SentinelOne.

The ACSC is aware of reports suggesting an active state-sponsored intrusion campaign targeting 3CX DesktopApp users, but has not received reports of Australian organisations being targeted. Additional alerts have been published by the United States Cybersecurity & Infrastructure Security Agency (CISA) and the Canadian Centre for Cyber Security.

The ACSC recommends that users of 3CX DesktopApp review the Security Alert published by 3CX and continue to follow the vendor's advice. Users are advised to stay vigilant and follow best cybersecurity practices to protect their systems.
