3CX Supply Chain Attack – March 2023

We regret to inform you that 3CX has been targeted by a supply chain attack. This has created a vulnerability in some versions of the desktop app allowing an attacker to inject malware onto affected machines. On being notified by 3CX we immediately looked through our customer’s systems and dealt with any that were using an affected version.

3CX has now released a fix for the desktop app and this has been applied to all our customer’s hosted systems.

We are continuing to monitor the situation together with our security provider Huntress to check for any signs of intrusion. At the time of writing none of our customers are showing any sign of having been compromised due to this attack.

We will contact you directly if we find any indication of compromise due to this attack on 3CX.

More information is available from 3CX on their forum, you can view their response here: https://www.3cx.com/blog/news/desktopapp-security-alert/