[CyberDefenders Write-up] 3CX Supply Chain

2025-02-03 • System Weakness •

https://systemweakness.com/cyberdefenders-write-up-3cx-supply-chain-a4fb85c69275

#3CXDesktopApp #T1497 #T1574.002

A CyberDefenders 3CX supply-chain write-up walks through analysis of malicious 3CX Desktop App updates that triggered antivirus alerts, degraded performance, and unusual network traffic. The exercise identifies Windows 3CX versions flagged as malicious, the MSI creation time, and dropped DLLs named ffmpeg.dll and d3dcompiler_47.dll. It maps DLL side-loading and virtualization or sandbox evasion techniques, asks analysts to inspect the hypervisor targeted by ffmpeg.dll, and notes the cryptographic protocol used by that DLL. The attribution section cites reporting that a North Korean state-sponsored group, also known as Lazarus Group, was believed responsible for the attack, so the excerpt is relevant mainly as a training-oriented summary of public 3CX intrusion artifacts and Lazarus attribution.

Related Reports

2023-04-20 • 40% Match

3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible

Mandiant

#YARA #SupplyChain #3CXDesktopApp #SmoothOperator #UNC4736 #X_Trader #UNC4469 #UNC3782 #T1082 #T1140 #T1070.004 #T1071.001 #T1195.002 #T1112 #T1083 #T1497 #T1036 #T1027 #T1071 #T1195 #T1497.001 #T1105 #T1055 #T1620 #T1574.002 #T1622 #T1190 #T1588 #T1574 #T1573.002 #T1614 #T1573 #T1608 #T1070 #T1614.001 #T1071.004 #T1012 #T1588.004 #T1565.001 #T1036.001 #T1070.001 #T1608.003 #T1565

Shares tags: 3CXDesktopApp, T1497, T1574.002

2025-01-08 • 33% Match

That's a lot of Single Points of Failure

Tay

#3CXDesktopApp #Lazarus #RadiantCapital #Hyperliquid

Shares tag: 3CXDesktopApp • Published within a month

2024-07-19 • 26% Match

APT Quarterly Highlights : Q2 2024

Cyfirma

#Trend #Andariel #Kimsuky #MoonstoneSleet #Lazarus #T1082 #T1059.003 #T1090 #T1140 #T1005 #T1070.004 #T1041 #T1113 #T1555 #T1560 #T1071.001 #T1046 #T1112 #T1115 #T1083 #T1497 #T1056.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1555.003 #T1071 #T1124 #T1222 #T1552 #T1057 #T1583.003 #T1518.001 #T1547.001 #T1053.005 #T1539 #T1608.005 #T1583.001 #T1059.001 #T1053 #T1552.001 #T1566 #T1059 #T1003 #T1497.001 #T1102.001 #T1574.002 #T1562.001 #T1490 #T1486 #T1129 #T1133 #T1571 #T1548 #T1190 #T1203 #T1564.001 #T1087 #T1562.004 #T1218.011 #T1070.006 #T1547 #T1068 #T1614 #T1573 #T1095 #T1562 #T1070 #T1047 #T1056 #T1176 #T1010 #T1033 #T1569.002 #T1543.003 #T1485 #T1012 #T1202 #T1087.002 #T1021.004 #T1222.001 #T1518 #T1564.003 #T1505.003 #T1069.002 #T1564 #T1595.002 #T1027.005 #T1070.001 #T1056.004 #T1584

Shares tags: T1497, T1574.002

2023-04-28 • 26% Match

EDR을 활용한 3CX 공급망 침해 사고 추적

Ahnlab

#SupplyChain #3CXDesktopApp #SmoothOperator #T1071.001 #T1574.002 #T1012

Shares tags: 3CXDesktopApp, T1574.002

2023-04-03 • 26% Match

SmoothOperator Campaign Trojanizes 3CXDesktopApp

Hive Pro

#SupplyChain #3CXDesktopApp #SmoothOperator #T1071 #T1547.001 #T1059 #T1543 #T1574.002 #T1574 #T1547 #T1056 #T1543.003 #T1091

Shares tags: 3CXDesktopApp, T1574.002

2025-04-29 • 23% Match

Threat Group Profiling: Lazarus

S2W

#Lazarus #T1574.002 #T1070.006 #T1070 #T1221 #T1137.001 #T1260

Shares tag: T1574.002

« Back