Compusult Pty Ltd incident
3CX (Cloud Phone) - Supply Chain Compromised
Compusult Pty Ltd experienced a critical incident on March 30, 2023 affecting Hosted PBXaaS and Third Party Providers, lasting 194d 9h. The incident has been resolved; the full update timeline is below.
Update timeline
- investigating Mar 30, 2023, 09:15 PM UTC
It has been confirmed by 3CX that the latest version of the 3CX Desktop App contains a component that has been compromised during development. This component is a third-party component used by 3CX, and it has been verified by a number of antivirus vendors and confirmed by 3CX to contain some malicious code.
The official 3CX announcements can be viewed here:
Original announcement: https://www.3cx.com/blog/news/desktopapp-security-alert/
Update: https://www.3cx.com/blog/news/desktopapp-security-alert-updates/
Please see the recommended actions on the UPDATE link posted above. We are currently monitoring the 3CX security advisory and actioning any recommendations.
- identified Mar 30, 2023, 09:19 PM UTC
3CX have released a patched version of the 3CX Desktop App. This update has been deployed to all of our hosted 3CX instances overnight.
It is important to note that the update to your 3CX Cloud Phone server does not automatically update the 3CX Desktop App on your computer.
See: https://www.3cx.com/blog/news/desktopapp-security-alert-updates/ for 3CX recommended actions in relation to using PWA whilst the full fix for the 3CX Desktop App can be developed / released.
- monitoring Mar 31, 2023, 01:01 AM UTC
We can confirm that all 3CX tenants managed by Compusult have had the emergency 3CX Desktop App version updated.
We are also monitoring for activity on our following solutions:
- SentinelOne EDR (Compromised versions are automatically being removed)
- PBX Monitor (our 3CX monitoring platform - detecting users still using affected versions)
For clients not using our EDR solution, we have initiated a Full Network scan of your devices in order to detect the presence of the affected versions / files.
Important Note: If your 3CX tenant is not managed by Compusult, you will need to check with your relevant provider to ensure that any appropriate actions have been taken.
There are no additional end user actions required at this stage. This case will be updated once further relevant information is known.
- resolved Oct 10, 2023, 11:28 AM UTC
This incident has been monitored for 6 months. The PWA app and desktop versions have been passed as safe since June 2023. Version 20 is pending release and incorporates a full re-write of the desktop app and native Windows Store app.