## A serious chain attack campaign targeting an update of a familiar calling application in many parts of the world, including Vietnam, threatens to make many business users victims. An attack campaign targeting a familiar calling application has just been discovered. This is an application for calling and taking care of customers of businesses. This application called 3CXDesktopApp is said to be used in many Vietnamese businesses. The attack targeting software developer 3CX was discovered at the end of March 2023. Accordingly, the hacker inserted spyware into the software update, which was digitally signed by the 3CX developer himself. When customers update and use 3CXDesktopApp, they run the risk of falling victim to a malicious attack. On the company’s website, the calling software is used daily by more than 600,000 companies with 12 million users worldwide. The service’s customers include many famous names such as Coca-Cola, McDonald’s, American Express, BMW, Honda… According to Bkav’s statistics, in Vietnam, there are at least 318 businesses and organizations using it. 3CX Desktop App, in which many large financial enterprises may have fallen victim to this attack. “Malware is becoming more and more sophisticated. Instead of directly targeting the organizational unit, they attack through the software supplier, turning that software into a spy tool, thereby stealing and encrypting. data and perform other destructive acts,” said Mr. Nguyen Van Cuong, Bkav Cybersecurity Director. With the particularly serious impact of this attack campaign, **Bkav recommends that units using 3CXDesktopApp software immediately do the following**: – Close, disconnect all connections. Internet of the system to prevent the intrusion and control of hackers. – Update to the latest version of 3CXDesktopApp. – Contact specialized units in cybersecurity to perform a comprehensive review of your entire system, including: servers, workstations and cloud systems, to thoroughly remove spyware. . Bkav’s cybersecurity leader also said that the malware that attacks APT is becoming more and more sophisticated, instead of directly targeting organizational units, they attack software providers, turning software then become spies for them, thereby stealing, encrypting data and performing other destructive acts… “We recommend that units and organizations need to deploy SOC network security monitoring solutions to have can immediately detect unusual signs of attacks like this, in order to respond and handle them in time,” emphasized Mr. Nguyen Van Cuong.
