Impact of 3CX supply chain attack still examined as company admits gaps

Despite uncertainties regarding the impact of a North Korean supply chain attack targeted at 3CX VoiP software, hundreds of thousands are believed to have the vulnerable instance, potentially impacting millions of customers, reports CyberScoop. Such an attack was first alerted to 3CX through an antivirus notification but 3CX CEO Nick Galea said that such a warning was not immediately acted upon due to the elevated volume of such prompts. None of the antivirus engines on VirusTotal have also flagged compromise when the company checked, said Galea, who noted that the company is still learning about the attack following CrowdStrike's report. "Then we gave it much more, let's say importance, which we should have done before we fully understand now. It's just we didn't understand before the severity of it. We have a security team, we do our own pentesting, we've got software scanners, we got a [chief security officer] of course. Nonetheless, they outsmarted us," said Galea. Meanwhile, Volexity has noted that malicious code has been injected into Windows and macOS installers for 3CX's desktop app. "3CX was itself compromised by the threat actor for a period of time prior to the infection, allowing the attacker to develop an understanding, access, and malicious code for the development-update process of the company," said Volexity.