Instead the company added a third-party software library to its app that was apparently compromised. "The issue appears to be one of the bundled libraries that we compiled into the Windows Electron App via GIT. We're still researching the matter to be able to provide a more in-depth response later today," Jourdan said.

3CX has more than 600,000 customers worldwide and 12 million users, according to the company's website.

Issues with 3CX's software first emerged Wednesday when CrowdStrike reported malicious activity with 3CXDesktopApp.exe, the signed executable for the vendor's softphone application. "The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity," CrowdStrike wrote in a blog post.

CrowdStrike said its Falcon threat detection platform identified and blocked the malicious activity in the 3CXDesktopApp, and its researchers contacted 3CX. It added that the campaign was connected to North Korean state-sponsored hacking group Labyrinth Chollima, also known as Lazarus Group or APT 38.

On Wednesday evening SentinelOne also published research on the supply chain attack and revealed that it had observed a spike in behavioral detections of 3CXDesktopApp.exe starting on March 22. SentinelOne's platform had automatically detected and blocked the Trojanized executable for about a week.

During that time some 3CX customers noticed that SentinelOne had flagged and uninstalled their 3CX desktop apps because of suspicious activity and voiced concerns on 3CX's user forum. However, forum moderators appeared to dismiss the issue as an error on SentinelOne's part and advised customers to contact the endpoint security vendor to resolve the problem.