Today, April 4, Bkav Technology Group released a statement saying that a serious supply chain attack campaign targeted the update of 3CXDesktopApp, a software of the USA 3CX Company on both Windows and macOS, has just been discovered. In Vietnam, Bkav recorded at least 318 units and organizations using 3CXDesktopApp, including many large businesses and financial institutions.
This application has versions for popular operating systems including Windows, macOS and Linux. More than 600,000 customers and 12 million daily users in 190 countries including major brands such as American Express, BMW, Honda, IKEA, Pepsi, and Toyota have been using 3CX.
With the particularly serious impact of this attack campaign, Bkav recommends that units using 3CXDesktopApp software should immediately close, and disconnect all connections to the Internet in order to block the intrusion and control of hackers; update the latest version of 3CXDesktopApp; contact specialized cybersecurity companies to perform a comprehensive review of the entire systems such as servers, workstations and cloud systems so as to thoroughly remove spyware.