{"id":51690,"date":"2023-04-28T04:51:16","date_gmt":"2023-04-28T04:51:16","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/that-3cx-supply-chain-attack-keeps-getting-worse-other-vendors-hit\/"},"modified":"2023-04-28T04:51:16","modified_gmt":"2023-04-28T04:51:16","slug":"that-3cx-supply-chain-attack-keeps-getting-worse-other-vendors-hit","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/that-3cx-supply-chain-attack-keeps-getting-worse-other-vendors-hit\/","title":{"rendered":"That 3CX supply chain attack keeps getting worse: Other vendors hit"},"content":{"rendered":"<p><span class=\"label\">In Brief<\/span> We thought it was probably the case when the news came out, but now it&#8217;s been confirmed: The X_Trader supply chain attack behind the 3CX compromise last month wasn&#8217;t confined to the telco developer.<\/p>\n<p>Quite the contrary, in fact, according to Symantec. &#8220;To date, [we] found that among the victims are two critical infrastructure organizations in the energy sector, one in the US and the other in Europe. 
In addition to this, two other organizations involved in financial trading were also breached,&#8221; Symantec <a href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/xtrader-3cx-supply-chain\" rel=\"nofollow\">announced<\/a> without naming any names.&nbsp;<\/p>\n<p>For those unfamiliar with the incident, 3CX <a href=\"https:\/\/www.theregister.com\/2023\/03\/30\/communications_software_vendor_3cx_hit\/\">reported<\/a> a supply chain attack that saw its 3CX DesktopApp compromised with a trojanized version of the X_Trader futures trading app published by Trading Technologies.&nbsp;<\/p>\n<p>3CX&#8217;s VoIP products are used by a variety of high-profile clients, including Mercedes Benz, Air France, and the UK&#8217;s National Health Service. 
3CX&#8217;s CEO copped to the compromise when customers began noticing strange behavior in their instances of the DesktopApp.<\/p>\n<p>It&#8217;s still not immediately clear 
when or exactly where the supply chain attack started, but Symantec said it appears to be financially motivated and is targeting critical infrastructure organizations. Symantec said the behavior lines up with North Korean habits of engaging in financially motivated attacks that double as espionage missions.&nbsp;<\/p>\n<p>With that in mind, &#8220;it cannot be ruled out that strategically important organizations breached during a financial campaign are targeted for further exploitation,&#8221; Symantec warned.&nbsp;<\/p>\n<p>As we noted in previous coverage of the 3CX attack, North Korea wouldn&#8217;t be a surprise source. It attacked the X_Trader installer in 2021 to install the VEILEDSIGNAL backdoor. Technical analysis of the malware by both Symantec and Mandiant found traces of VEILEDSIGNAL in the chain of attacks used to compromise installs of 3CX DesktopApp.&nbsp;<\/p>\n<p>Symantec published a list of indicators of compromise (IOCs) with its analysis of the malware. 
If your environment is running any 3CX software, it might be a good idea to ensure those IOCs are included in your security software.<\/p>\n<div class=\"boxout\" readability=\"41.706030150754\">\n<h3 class=\"crosshead\">Critical vulnerabilities of the week<\/h3>\n<p>Google Chrome received important updates last week, including one that addressed a nasty bug \u2013 <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-2136\">CVE-2023-2136<\/a>, which is already under active attack.<\/p>\n<p>The flaw allows an attacker to bypass the sandboxing tech in the Chrome browser by exploiting an integer overflow issue in the Skia graphics engine.<\/p>\n<p>The hypothetical attacker would already need to have compromised the renderer process to manage it, but it&#8217;s clear that hasn&#8217;t been a problem \u2013 at least someone is using the exploit for the bug.<\/p>\n<p>&#8220;Google is aware that an exploit for CVE-2023-2136 exists in the wild,&#8221; the Chocolate Factory <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/chromereleases.googleblog.com\/2023\/04\/stable-channel-update-for-desktop_18.html\">warned<\/a>.<\/p>\n<p>&#8216;Twas also a vulnerable week for Cisco, which reports multiple critical problems in several software products:<\/p>\n<ul>\n<li>CVSS 9.9 \u2013 <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-ind-CAeLFk6V\" rel=\"nofollow\">Multiple CVEs<\/a>: Cisco Industrial Network Director contains a pair of vulnerabilities that could allow an authenticated attacker to inject arbitrary OS commands or access sensitive data.<\/li>\n<li>CVSS 9.1 \u2013 <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-cml-auth-bypass-4fUCCeG5\" rel=\"nofollow\">CVE-2023-20154<\/a>: Cisco Modeling Labs has an external authentication vulnerability that could give an unauthenticated attacker admin access to the 
platform&#8217;s web interface.&nbsp;<\/li>\n<li>CVSS 8.8 \u2013 <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20170629-snmp\" rel=\"nofollow\">Multiple CVEs<\/a>: SNMP in Cisco IOS and IOS XE is lousy with vulnerabilities that could give a remote attacker the ability to execute code or force a system reload.<\/li>\n<li>CVSS 8.8 \u2013 <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-staros-ssh-privesc-BmWeJC3h\" rel=\"nofollow\">CVE-2023-20046<\/a>: Cisco StarOS&#8217;s SSH implementation contains a flaw that could let an authenticated remote attacker escalate their privileges on affected devices.&nbsp;<\/li>\n<li>CVSS 8.6 \u2013 <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-bw-tcp-dos-KEdJCxLs\" rel=\"nofollow\">CVE-2023-20125<\/a>: Cisco BroadWorks Network Server has a vulnerability that could allow an attacker to exhaust system resources and cause a denial of service.<\/li>\n<\/ul>\n<p>VMware also reported a vulnerability on Thursday it described as ranging from 7.2 to 9.8 on the CVSS scale, and spanning <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2023-0007.html\" rel=\"nofollow\">two CVEs<\/a>. 
The issue affects VMware Aria Operations for Logs, which contains a deserialization vulnerability through which a remote unauthenticated actor can execute arbitrary code with root permissions.&nbsp;<\/p>\n<p>CISA shared a trio of critical industrial control systems vulnerabilities, too:<\/p>\n<ul>\n<li>CVSS 10.0 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-110-01\" rel=\"nofollow\">CVE-2023-2131<\/a>: INEA&#8217;s ME RTU firmware versions prior to 3.36 are vulnerable to OS command injection.<\/li>\n<li>CVSS 9.8 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-108-02\" rel=\"nofollow\">Multiple CVEs<\/a>: Multiple versions of Schneider Electric&#8217;s Easy UPS Online Monitoring software contain authentication issues which could allow an attacker to escalate privileges, bypass authentication, and the like.<\/li>\n<li>CVSS 8.6 &#8211; <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-19-346-02\" rel=\"nofollow\">Multiple CVEs<\/a>: All versions of Omron PLC CJ, PLC CS and PLC NX1P2 are vulnerable to authentication bypass vulnerabilities that could allow an attacker to pose as an authorized user.<\/li>\n<\/ul>\n<p>There&#8217;s also a pair of new known exploited vulnerabilities:<\/p>\n<ul>\n<li>CVSS 9.8 \u2013 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-27350\" rel=\"nofollow\">CVE-2023-27350<\/a>: PaperCut NG v.22.0.5 contains an authentication bypass vulnerability that allows an attacker to execute arbitrary code.<\/li>\n<li>CVSS not rated yet \u2013 CVE-2023-2136: Chrome&#8217;s rendering engine, Skia, has an integer overflow issue that could allow sandbox escape.<\/li>\n<\/ul>\n<p>Also, Oracle released a series of security updates that patch hundreds of vulnerabilities in <a href=\"https:\/\/www.oracle.com\/security-alerts\/cpuapr2023.html\" rel=\"nofollow\">Oracle<\/a>, <a href=\"https:\/\/www.oracle.com\/security-alerts\/bulletinapr2023.html\" 
rel=\"nofollow\">Solaris<\/a> and <a href=\"https:\/\/www.oracle.com\/security-alerts\/linuxbulletinapr2023.html\" rel=\"nofollow\">Linux<\/a> systems. They&#8217;re too lengthy to cover here, but it&#8217;s a good idea to update your Oracle systems to apply the latest patches.&nbsp;<\/p>\n<\/div>\n<h3 class=\"crosshead\">Finland sentences CEO for a breach at his company<\/h3>\n<p>Leave it to the Finns to come up with such a novel concept: The former CEO of a hacked psychotherapy center was handed a prison sentence for his role in failing to pseudonymize and encrypt patient health records, as required under the EU&#8217;s General Data Protection Regulation.<\/p>\n<p>The court originally said the seriousness of the crime justified an unconditional jail sentence, but since former boss Ville Tapio had no prior criminal record the court settled on a three-month suspended sentence, the Finnish Broadcasting Company (Yle) <a href=\"https:\/\/yle.fi\/a\/74-20027665\" rel=\"nofollow\">reported<\/a>.<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2020\/10\/26\/finland_psychotherapy_clinic_ransom_attack\/\">The breach<\/a> occurred in 2020 and saw tens of thousands of patient records published online, where cyber criminals used the patient records \u2013 including session notes and personal details \u2013 to blackmail those caught up in the leak. 
Tapio was fired by the board of the Vastaamo psychotherapy clinic shortly after the breach.&nbsp;<\/p>\n<p>The court said this week that the company&#8217;s database stored patient records in plain language without adequate encryption, and characterized Tapio&#8217;s behavior as &#8220;particularly reprehensible&#8221; given the sensitive nature of the information Vastaamo stored.&nbsp;<\/p>\n<p>French police <a href=\"https:\/\/www.theregister.com\/2023\/02\/08\/vastaamo_hack_arrest_finland\/\">arrested<\/a> the alleged hacker in the case, Julius &#8220;Zeekill&#8221; Kivim\u00e4ki, in February. First identified as a suspect in the case in October of last year, Kivim\u00e4ki has a considerable cyber crime <a href=\"https:\/\/krebsonsecurity.com\/2023\/02\/finlands-most-wanted-hacker-nabbed-in-france\/\" rel=\"nofollow\">rap sheet<\/a>. 
\u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2023\/04\/24\/in_brief_security\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Also, Finland sentences CEO of breach company to prison (kind of), and this week&#8217;s laundry list of critical vulns In Brief\u00a0 We thought it was probably the case when the news came out, but now it&#8217;s been confirmed: The X_Trader supply chain attack behind the 3CX compromise last month wasn&#8217;t confined to the telco developer.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-51690","post","type-post","status-publish","format-standard","hentry","category-the-register"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51690","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=51690"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51690\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=51690"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=51690"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=51690"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}