H3-2023-0007¶

Detection: 3CXDesktopApp Supply Chain Attack

Description¶

Suspicious sub-processes have been spawned by 3CXDesktopApp.exe which could indicate compromise.

Impact¶

An attacker may have had access to your environment due to a vulnerable version of 3CXDesktopApp. The events listed should be investigated to determine if malicious activity has taken place.

References¶

• SmoothOperator Supply Chain Attack Targeting 3CX VOIP Desktop Client
• NVD: CVE-2023-29059