We want to inform you about an evolving cybersecurity threat targeting users of the 3CX softphone telephony platform. We believe this threat comes from a group associated with the Democratic People's Republic of Korea, and it's important to take necessary precautions to protect your business.
This is a significant threat that should be taken seriously, as the malware is difficult to detect using traditional security tools. This attack can harm your business by stealing sensitive data, disrupting your operations, and causing financial loss. Fortunately, we have solutions that can help you detect, prevent, and mitigate this attack.
Please reach out to us if you’d like to set up a quick 10-minute call to discuss how we can help.
If you are a Lotus managed client, we have already scanned your environment for installed instances of the application and for suspicious traffic on your firewall. Where we detected either, we are reaching out to you personally to remove it.
Why This is a Big Deal
To get technical for a moment, this trojan malware is signed with a legitimate 3CX certificate, so it passes the code-signing checks that traditional security controls rely on, which makes prevention difficult. The malicious activity includes beaconing to actor-controlled infrastructure and deployment of second-stage payloads. In a small number of cases, hands-on-keyboard activity or keylogging is possible.
The CEO of 3CX, Nick Galea, has been quoted by numerous sources advising customers to uninstall the affected software. The safe bet is to remove all versions from Windows and Macintosh, as both platforms appear to be affected.
