2023-04-20 | Mandiant | JEFF JOHNSON, Fred Plan, ADRIAN SANCHEZ, RENATO FONTANA, Jake Nicastro, Dimiter Andonov, Marius Fodoreanu, DANIEL SCOTT
@online{johnson:20230420:3cx:9ef2c90,
  author       = {JEFF JOHNSON and Fred Plan and ADRIAN SANCHEZ and RENATO FONTANA and Jake Nicastro and Dimiter Andonov and Marius Fodoreanu and DANIEL SCOTT},
  title        = {{3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible}},
  date         = {2023-04-20},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise},
  language     = {English},
  urldate      = {2023-04-25},
}
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible
POOLRAT IconicStealer
2023-04-20 | 3CX | Agathocles Prodromou
@online{prodromou:20230420:security:7224e80,
  author       = {Agathocles Prodromou},
  title        = {{Security Update Thursday 20 April 2023 – Initial Intrusion Vector Found}},
  date         = {2023-04-20},
  organization = {3CX},
  url          = {https://www.3cx.com/blog/news/mandiant-security-update2/},
  language     = {English},
  urldate      = {2023-04-25},
}
Security Update Thursday 20 April 2023 – Initial Intrusion Vector Found
POOLRAT
2023-04-20 | ESET Research | Peter Kálnai, Marc-Etienne M.Léveillé
@online{klnai:20230420:linux:fd293b6,
  author       = {Peter Kálnai and Marc-Etienne M.Léveillé},
  title        = {{Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack}},
  date         = {2023-04-20},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply-chain-attack},
  language     = {English},
  urldate      = {2023-04-25},
}
Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack
BADCALL SimpleTea 3CX Backdoor BADCALL IconicStealer
2023-04-03 | Youtube (MalwareAnalysisForHedgehogs) | Karsten Hahn
@online{hahn:20230403:malware:892e68e,
  author       = {Karsten Hahn},
  title        = {{Malware Analysis - 3CX SmoothOperator ffmpeg.dll with Binary Ninja}},
  date         = {2023-04-03},
  organization = {Youtube (MalwareAnalysisForHedgehogs)},
  url          = {https://www.youtube.com/watch?v=fTX-vgSEfjk},
  language     = {English},
  urldate      = {2023-04-06},
}
Malware Analysis - 3CX SmoothOperator ffmpeg.dll with Binary Ninja
3CX Backdoor
2023-04-03 | Kaspersky Labs | Georgy Kucherin
@online{kucherin:20230403:not:ddfeb19,
  author       = {Georgy Kucherin},
  title        = {{Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack}},
  date         = {2023-04-03},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344},
  language     = {English},
  urldate      = {2023-04-08},
}
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
Gopuram
2023-03-31 | vmware | Threat Analysis Unit
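% Team byline, not a person: the extra brace pair keeps the name as one unit
% so it is not split into given name "Threat Analysis" and surname "Unit".
@online{unit:20230331:investigating:bf45200,
  author       = {{Threat Analysis Unit}},
  title        = {{Investigating 3CX Desktop Application Attacks: What You Need to Know}},
  date         = {2023-03-31},
  organization = {vmware},
  url          = {https://blogs.vmware.com/security/2023/03/investigating-3cx-desktop-application-attacks-what-you-need-to-know.html},
  language     = {English},
  urldate      = {2023-04-02},
}
Investigating 3CX Desktop Application Attacks: What You Need to Know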
3CX Backdoor
2023-03-31 | Zscaler | Rohit Hegde, Niraj Shivtarkar, Meghraj Nandanwar
@online{hegde:20230331:3cx:7fb285c,
  author       = {Rohit Hegde and Niraj Shivtarkar and Meghraj Nandanwar},
  title        = {{3CX Supply Chain Attack Campaign Campaign Analysis}},
  date         = {2023-03-31},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/security-research/3CX-supply-chain-attack-analysis-march-2023},
  language     = {English},
  urldate      = {2023-04-02},
}
3CX Supply Chain Attack Campaign Campaign Analysis
3CX Backdoor
2023-03-31 | Blackberry | The BlackBerry Research & Intelligence Team
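% Team byline, not a person: the extra brace pair keeps the name as one unit.
% The ampersand is escaped because a bare & in a field is a LaTeX alignment
% character and breaks the typeset bibliography.
@online{team:20230331:initial:6f10f80,
  author       = {{The BlackBerry Research \& Intelligence Team}},
  title        = {{Initial Implants and Network Analysis Suggest the 3CX Supply Chain Operation Goes Back to Fall 2022}},
  date         = {2023-03-31},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2023/03/initial-implants-and-network-analysis-suggest-the-3cx-supply-chain-operation-goes-back-to-fall-2022},
  language     = {English},
  urldate      = {2023-04-02},
}
Initial Implants and Network Analysis Suggest the 3CX Supply Chain Operation Goes Back to Fall 2022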
3CX Backdoor
2023-03-31 | cyble | Cyble
@online{cyble:20230331:comprehensive:39bc743,
  author       = {Cyble},
  title        = {{A Comprehensive Analysis of the 3CX Attack}},
  date         = {2023-03-31},
  organization = {cyble},
  url          = {https://blog.cyble.com/2023/03/31/a-comprehensive-analysis-of-the-3cx-attack},
  language     = {English},
  urldate      = {2023-04-02},
}
A Comprehensive Analysis of the 3CX Attack
3CX Backdoor
2023-03-31 | splunk | Splunk Threat Research Team
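% Team byline, not a person: the extra brace pair keeps the name as one unit
% so it is not split into given names and surname "Team".
@online{team:20230331:splunk:38f1f9f,
  author       = {{Splunk Threat Research Team}},
  title        = {{Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise}},
  date         = {2023-03-31},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/splunk-insights-investigating-the-3cxdesktopapp-supply-chain-compromise.html},
  language     = {English},
  urldate      = {2023-04-02},
}
Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise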
3CX Backdoor
2023-03-31 | Reversing Labs | Karlo Zanki
@online{zanki:20230331:red:61b2c78,
  author       = {Karlo Zanki},
  title        = {{Red flags flew over software supply chain-compromised 3CX update}},
  date         = {2023-03-31},
  organization = {Reversing Labs},
  url          = {https://www.reversinglabs.com/blog/red-flags-fly-over-supply-chain-compromised-3cx-update},
  language     = {English},
  urldate      = {2023-04-02},
}
Red flags flew over software supply chain-compromised 3CX update
3CX Backdoor
2023-03-30 | Huntress Labs | John Hammond
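% The ampersand in the title is escaped: a bare & in a field is a LaTeX
% alignment character and breaks the typeset bibliography.
@online{hammond:20230330:3cx:bba6690,
  author       = {John Hammond},
  title        = {{3CX VoIP Software Compromise \& Supply Chain Threats}},
  date         = {2023-03-30},
  organization = {Huntress Labs},
  url          = {https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats},
  language     = {English},
  urldate      = {2023-04-02},
}
3CX VoIP Software Compromise & Supply Chain Threats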
3CX Backdoor
2023-03-30 | Symantec | Threat Hunter Team
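% Team byline, not a person: the extra brace pair keeps the name as one unit
% so it is not split into given names and surname "Team".
@online{team:20230330:3cx:fb5b214,
  author       = {{Threat Hunter Team}},
  title        = {{3CX: Supply Chain Attack Affects Thousands of Users Worldwide}},
  date         = {2023-03-30},
  organization = {Symantec},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3cx-supply-chain-attack},
  language     = {English},
  urldate      = {2023-04-02},
}
3CX: Supply Chain Attack Affects Thousands of Users Worldwide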
3CX Backdoor IconicStealer
2023-03-30 | Cado Security | Cado Security
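% Company byline, not a person: the extra brace pair keeps the name as one
% unit so it is not split into given name "Cado" and surname "Security".
@online{security:20230330:forensic:77e03e1,
  author       = {{Cado Security}},
  title        = {{Forensic Triage of a Windows System running the Backdoored 3CX Desktop App}},
  date         = {2023-03-30},
  organization = {Cado Security},
  url          = {https://www.cadosecurity.com/forensic-triage-of-a-windows-system-running-the-backdoored-3cx-desktop-app/},
  language     = {English},
  urldate      = {2023-04-02},
}
Forensic Triage of a Windows System running the Backdoored 3CX Desktop App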
3CX Backdoor
2023-03-30 | Rapid7 Labs | Rapid7
@online{rapid7:20230330:backdoored:9d84780,
  author       = {Rapid7},
  title        = {{Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign}},
  date         = {2023-03-30},
  organization = {Rapid7 Labs},
  url          = {https://www.rapid7.com/blog/post/2023/03/30/backdoored-3cxdesktopapp-installer-used-in-active-threat-campaign/},
  language     = {English},
  urldate      = {2023-04-02},
}
Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign
3CX Backdoor
2023-03-30 | CrowdStrike | CS ENGINEER
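% "CS ENGINEER" looks like a byline label rather than a personal name
% (confirm against the linked post); the extra brace pair keeps it as one
% unit so it is not split into given name "CS" and surname "ENGINEER".
@online{engineer:20230330:20230329:49be400,
  author       = {{CS ENGINEER}},
  title        = {{2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers}},
  date         = {2023-03-30},
  organization = {CrowdStrike},
  url          = {https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/},
  language     = {English},
  urldate      = {2023-04-02},
}
2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers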
3CX Backdoor
2023-03-30 | Trend Micro | Trend Micro Research
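% Team byline, not a person: the extra brace pair keeps the name as one unit
% so it is not split into given names and surname "Research".
@online{research:20230330:developing:2895b8a,
  author       = {{Trend Micro Research}},
  title        = {{Developing Story: Information on Attacks Involving 3CX Desktop App}},
  date         = {2023-03-30},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/23/c/information-on-attacks-involving-3cx-desktop-app.html},
  language     = {English},
  urldate      = {2023-04-02},
}
Developing Story: Information on Attacks Involving 3CX Desktop App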
3CX Backdoor IconicStealer
2023-03-30 | Volexity | Ankur Saini, Callum Roxan, Charlie Gardner, Paul Rascagnères, Steven Adair, Thomas Lancaster
@online{saini:20230330:3cx:82b291e,
  author       = {Ankur Saini and Callum Roxan and Charlie Gardner and Paul Rascagnères and Steven Adair and Thomas Lancaster},
  title        = {{3CX Supply Chain Compromise Leads to ICONIC Incident}},
  date         = {2023-03-30},
  organization = {Volexity},
  url          = {https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/},
  language     = {English},
  urldate      = {2023-03-30},
}
3CX Supply Chain Compromise Leads to ICONIC Incident
3CX Backdoor IconicStealer
2023-03-30 | Fortiguard | FortiGuard Labs
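% Team byline, not a person: the extra brace pair keeps the name as one unit
% so it is not split into given name "FortiGuard" and surname "Labs".
@online{labs:20230330:3cx:32dbee5,
  author       = {{FortiGuard Labs}},
  title        = {{3CX Desktop App Compromised (CVE-2023-29059)}},
  date         = {2023-03-30},
  organization = {Fortiguard},
  url          = {https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised},
  language     = {English},
  urldate      = {2023-04-02},
}
3CX Desktop App Compromised (CVE-2023-29059)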
3CX Backdoor
2023-03-30 | OALabs | Sergei Frankoff
@online{frankoff:20230330:3cx:244fb6e,
  author       = {Sergei Frankoff},
  title        = {{3CX Supply Chain Attack}},
  date         = {2023-03-30},
  organization = {OALabs},
  url          = {https://research.openanalysis.net/3cx/northkorea/apt/triage/2023/03/30/3cx-malware.html#Functionality},
  language     = {English},
  urldate      = {2023-04-06},
}
3CX Supply Chain Attack
3CX Backdoor