Earlier this month, VoIP communications company 3CX confirmed North Korean hackers were behind a supply chain attack on their company. 3CX disclosed the attack and official recommendations to its customers (reference).
3CX is an open standard, software-based phone system based on the SIP standard. It works with a range of phone hardware and features web browser-based extensions and mobile apps. 3CX says its 3CX Phone System is used by over 600,000 companies worldwide with over 12 million active users daily. 3CX is a smaller competitor to Microsoft Teams phones, which have over 300 million active users.
First, the malware compromised systems by using DLL side-loading via legitimate Microsoft Windows binaries. This strategy made the attacks much harder to detect.
Secondly, the malware was programmed to load automatically on all infected devices during system start-up. This gave attackers immediate remote access to infected devices over the internet.
Finally, macOS systems that were targeted in the attack were also backdoored with Simplesea malware. Mandiant, a third-party incident response firm hired by 3CX, is still analyzing data to determine if there are malware family overlaps.
The identified backdoor commands included shell command execution, file transfer, file execution, file management, configuration updating, and testing the connectivity of a provided IP and port number.
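As an added illustration (not code from 3CX or Mandiant), the following triage heuristic looks for the DLL side-loading pattern described above in image-load telemetry. Field names follow Sysmon Event ID 7; the events, paths, publisher names and the baseline of system DLL names are constructed assumptions.

```python
from pathlib import PureWindowsPath

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Assumption: DLL names collected from System32 on a known-clean host.
BASELINE_SYSTEM_DLLS = {"version.dll", "winmm.dll"}

# Constructed sample events (Sysmon Event ID 7 field names, placeholder values).
EVENTS = [
    {"Image": r"C:\Program Files\ExampleApp\app.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"Image": r"C:\Program Files\ExampleApp\app.exe",
     "ImageLoaded": r"C:\Program Files\ExampleApp\helper.dll",
     "Signed": "true", "Signature": "Example Vendor Ltd", "SignatureStatus": "Valid"},
    {"Image": r"C:\Program Files\ExampleApp\app.exe",
     "ImageLoaded": r"C:\Program Files\ExampleApp\version.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Program Files\ExampleApp\app.exe",
     "ImageLoaded": r"C:\Program Files\ExampleApp\winmm.dll",
     "Signed": "true", "Signature": "Example Vendor Ltd", "SignatureStatus": "Valid"},
]

def sideload_candidates(events, system_dlls=BASELINE_SYSTEM_DLLS):
    """Return (dll_path, reasons) for loads that merit a closer look."""
    findings = []
    for ev in events:
        exe = PureWindowsPath(ev["Image"])
        dll = PureWindowsPath(ev["ImageLoaded"])
        if str(dll.parent).lower() in SYSTEM_DIRS:
            continue  # loaded from the expected system location
        if dll.parent != exe.parent:
            continue  # this heuristic only covers the application directory
        reasons = []
        # A system DLL name next to the executable wins the DLL search order.
        if dll.name.lower() in system_dlls:
            reasons.append("shadows-system-dll")
        # A valid signature alone does not clear a DLL, but a missing one is a flag.
        if ev.get("Signed") != "true" or ev.get("SignatureStatus") != "Valid":
            reasons.append("untrusted-signature")
        if reasons:
            findings.append((str(dll), reasons))
    return findings

if __name__ == "__main__":
    for path, reasons in sideload_candidates(EVENTS):
        print(path, "->", ", ".join(reasons))
```

Findings from this heuristic are leads for investigation, since a legitimately signed host process loading the DLL is exactly what makes side-loading hard to spot.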
Following the attack, 3CX advised all customers to uninstall the impacted Electron desktop client from all Windows and macOS devices. They also recommended immediately switching to the progressive web application Web Client App, which provides similar features.
Following the attack on 3CX, you may wonder, are there better and safer options?
The answer is: yes! If you are already a Microsoft 365 user or considering switching over, Microsoft Teams offers competitive software in Teams Phones.
If you have questions about which VoIP business phone solution would be best for your business, our team can help. Visit our VoIP Business Phone Solution page and contact us here.