top of page

3CX Hack Info for Defenders

Apr 6, 2023

Uninstall app for now



Hackers compromise 3CX desktop app in a supply chain attack

Active Intrusion Campaign Targeting 3CX DesktopApp - NHS Digital


Yesterday I reported on the supply chain attack playing out on 3CX systems. Today 3CX confirms the exploit is active for Mac users and Safari browsers, as well, and new evidence shows the attackers had access for several months before being detected.


This is Katy Craig in San Diego, California.


Google’s security arm, Mandiant, is now investigating. For those who missed my coverage yesterday, 3CX is a major player in the communication solutions industry, providing voice over IP VoIP phone software to over 600,000 companies worldwide, including dozens of major brands. This software is crucial for businesses to maintain seamless communication across various channels.


The latest research shows that the hackers were able to get into 3CX's systems and stay there for months without being found. They were able to get more information, talk to command and control servers, and steal data because they had more access. The full extent of the damage is still being assessed, but the implications of this breach are far-reaching. With so many users, it's impossible to overstate the risk that sensitive data could be stolen and that business operations for hundreds of thousands of companies could be messed up.


3CX released an official statement recommending users uninstall the desktop app and use the web application until given the all clear. Cybersecurity experts recommend that users of the affected software take precautionary measures such as updating their security protocols and closely monitoring their systems for any signs of unauthorized access.


This is Katy Craig. Stay safe out there.


bottom of page