3CX Supply Chain Attack — Here's What We Know So Far

Enterprise communications software maker 3CX on Thursday confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack.

The version numbers include 18.12.407 and 18.12.416 for Windows and 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 for macOS.

The company said it’s engaging the services of Google-owned Mandiant to review the incident. In the interim, it’s urging customers running self-hosted and on-premise versions of the software to update to version 18.12.422.

“3CX Hosted and StartUP users do not need to update their servers as we will be updating them over the night automatically,” 3CX CEO Nick Galea said in a blog post. “Servers will be restarted and the new Electron App MSI/DMG will be installed on the server.”

Evidence available so far points to either a compromise of 3CX’s software build pipeline to distribute Windows and macOS versions of the app package, or the poisoning of an upstream dependency. The scale of the attack is currently unknown.

According to a post on the 3CX forum, the earliest period of potentially malicious activity was detected on or around March 22, 2023, although preparations for the sophisticated campaign commenced no later than February 2022.
