Overview, Update and Recommended Mitigations on the Attack
On March 29, 2023, malicious activity was identified involving a software-based phone application called 3CXDesktopApp. The attack began with threat actors introducing malicious libraries into the legitimate 3CXDesktopApp installation application, likely by including these libraries during the build process of the 3CXDesktopApp. With the malicious libraries included in the legitimate installer, individuals fall victim by downloading and running the 3CXDesktopApp installer from the developer’s website.
Because malicious content was added to this legitimate application in order to compromise the users of 3CXDesktopApp, Unit 42® believes this is intended to be a supply chain attack.
Join Jen Miller-Osborn, Director of Unit 42 Threat Intelligence, to learn:
- Key findings following the initial attack
- The threat actors’ primary goals, and the tactics and tools they used
- The overall impact on affected organizations and customers
- Recommended remediation and product mitigations for this attack
- What Palo Alto Networks is offering to help your organization become more resilient