Site icon Sophos News

3CX Desktop Attack: Sophos Customer Information

Overview

Sophos X-Ops is tracking an attack against the 3CX Desktop application, possibly undertaken by a nation-state-related group.

The affected software is 3CX – a legitimate software-based PBX phone system available on Windows, Linux, Android, and iOS. The application has been abused by the threat actor to add an installer that communicates with various command-and-control (C2) servers.

A list of IOCs for this attack is published on our GitHub.

Sophos protection

Sophos has taken the following actions to protect customers from this attack:

Static detections:

Reputation detection:

Memory detection:

Determining impact with Sophos XDR

Sophos XDR enables organizations to determine whether hosts have communicated with threat actor infrastructure. We have created a custom query that is available here.

More information

For further insights into the attack, read the article from Sophos X-Ops here.

We also recommend that users of 3CX’s software monitor the company’s blog and support forum.

Exit mobile version