Risky Bulletin Newsletter
March 31, 2023
Risky Biz News: North Korean hackers behind supply chain attack on 3CX
A Shodan search returns more than 245,000 3CX VoIP IPBX servers, just to give you an idea of how popular the 3CX system is.
As for 3CX, well, it's not good. At all. First, they didn't detect the intrusion for months. Second, when several antivirus products started detecting their clients as malicious, they repeatedly claimed it was just false positives, over and over again, without investigating further. When 4-5 different vendors see the same thing, it's probably an indicator you should look at your app. Third, some customers said that when they went to 3CX's customer support with CrowdStrike's findings, they were asked to "open a support ticket at £75 per incident." That's just... not what people wanted to hear.
The company did eventually confirm the incident in a blog post and promised to release new clean desktop client versions. Until then, 3CX recommended that customers use its web-based PWA app instead.