Piyolog summarizes the March 2023 3CX supply-chain compromise in which tampered Windows and macOS 3CX client installers were distributed and could infect users with malware capable of stealing browser-stored information. The source notes that 3CX products were used globally across many sectors, including automotive, MSP, and manufacturing, and cites CrowdStrike’s high-confidence assessment that LABYRINTH CHOLLIMA, a North Korea-linked threat actor, was involved, while Volexity and others also tied the activity to Lazarus. The article lists affected versions, CVE-2023-29059, mitigation steps such as uninstalling affected desktop clients and using the PWA version, and monitoring guidance for proxy, endpoint, and network logs. It also provides representative attacker infrastructure such as akamaitechcloudservices[.]com, azureonlinestorage[.]com, glcloudservice[.]com, msedgepackageinfo[.]com, officestoragebox[.]com, and pbxsources[.]com, while warning that some listed domains may not be attacker-controlled.