3CX: Difference between revisions - Consumer Rights Wiki

Line 10:

}}

The 3CX Phone System is a ~~software private~~ branch exchange based on the [[wikipedia:Session_Initiation_Protocol|Session Initiation Protocol]] (SIP) standard ~~to allow~~ calls via the public switched telephone network (PSTN) or ~~via~~ [[wikipedia:Voice_over_IP|Voice over Internet Protocol]] (VoIP) services <ref name=":0" />.

The 3CX Phone System is a digital [[wikipedia:Private_branch_exchange|Private branch exchange]] based on the [[wikipedia:Session_Initiation_Protocol|Session Initiation Protocol]] (SIP) standard facilitating calls via either the public switched telephone network (PSTN) or using [[wikipedia:Voice_over_IP|Voice over Internet Protocol]] (VoIP) services <ref name=":0" />.

In 2023, during a major supply chain attack affecting the 3CX desktop application, the company's public response included engaging the services of Google-owned cybersecurity firm [[wikipedia:Mandiant|Mandiant]]<ref>{{Cite web |last=Lakshmanan |first=Ravie |date=Mar 31, 2023 |title=3CX Supply Chain Attack — Here's What We Know So Far |url=https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html |archive-url=https://web.archive.org/web/20250627055223/https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html |archive-date=June 27, 2025 |access-date=2025-08-12 |website=thehackernews.com}}</ref> and advising customers to uninstall affected versions.

Line 20:

====Supply Chain Incident Response====

In March 2023, 3CX was the victim of a high-profile supply chain ~~attack~~, thought to be the result of a cascade failure starting with the software X_Trader. This attack was linked to an earlier ~~hack~~ by North Korean hackers to software company [https://www.marketswiki.com/wiki/Trading_Technologies_International Trading Technologies]. A 3CX employee's PC ~~with~~ the Trading Technologies App was used by the hackers to compromise their software and distribute malware to consumers. <ref>{{Cite news |last=Greenberg |first=Andy |date=Apr 20, 2023 |title=The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks |url=https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-url=https://web.archive.org/web/20250726115243/https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-date=July 26, 2025 |work=Wired |pages=2025-08-12}}</ref>

In March 2023, 3CX was the victim of a high-profile supply chain hack, thought to be the result of a cascade failure starting with the software X_Trader. This attack was linked to an earlier incident perpetrated by North Korean hackers, targeting software company [https://www.marketswiki.com/wiki/Trading_Technologies_International Trading Technologies]. A 3CX employee's PC containing the Trading Technologies App was used by the hackers to compromise their software and distribute malware to consumers. <ref>{{Cite news |last=Greenberg |first=Andy |date=Apr 20, 2023 |title=The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks |url=https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-url=https://web.archive.org/web/20250726115243/https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-date=July 26, 2025 |work=Wired |pages=2025-08-12}}</ref>

3CX also faced backlash for requiring users to pay ~~to open~~ support tickets during the breach, which led to further public criticism from system administrators and IT professionals.<ref>{{Cite web |last=CrowdStrike |date=2023-03-29 |title=// 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers // |url=https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/ |website=reddit}}</ref><blockquote>"I have been in contact with 3CX and their suggestion is to open a support ticket at £75 per incident. Ludicrous." -wars_t (reddit.com) </blockquote>

3CX also faced backlash for requiring users to pay a fee when opening support tickets during the breach, which led to further public criticism from system administrators and IT professionals.<ref>{{Cite web |last=CrowdStrike |date=2023-03-29 |title=// 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers // |url=https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/ |website=reddit}}</ref><blockquote>"I have been in contact with 3CX and their suggestion is to open a support ticket at £75 per incident. Ludicrous." -wars_t (reddit.com) </blockquote>

==References:==

[[Category:3CX]]

@@ Line 10: / Line 10: @@
 }}
-The 3CX Phone System is a software private branch exchange based on the [[wikipedia:Session_Initiation_Protocol|Session Initiation Protocol]] (SIP) standard to allow calls via the public switched telephone network (PSTN) or via [[wikipedia:Voice_over_IP|Voice over Internet Protocol]] (VoIP) services <ref name=":0" />.
+The 3CX Phone System is a digital [[wikipedia:Private_branch_exchange|Private branch exchange]] based on the [[wikipedia:Session_Initiation_Protocol|Session Initiation Protocol]] (SIP) standard facilitating calls via either the public switched telephone network (PSTN) or using [[wikipedia:Voice_over_IP|Voice over Internet Protocol]] (VoIP) services <ref name=":0" />.
 In 2023, during a major supply chain attack affecting the 3CX desktop application, the company's public response included engaging the services of Google-owned cybersecurity firm [[wikipedia:Mandiant|Mandiant]]<ref>{{Cite web |last=Lakshmanan |first=Ravie |date=Mar 31, 2023 |title=3CX Supply Chain Attack — Here's What We Know So Far |url=https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html |archive-url=https://web.archive.org/web/20250627055223/https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html |archive-date=June 27, 2025 |access-date=2025-08-12 |website=thehackernews.com}}</ref> and advising customers to uninstall affected versions.
@@ Line 20: / Line 20: @@
 ====Supply Chain Incident Response====
-In March 2023, 3CX was the victim of a high-profile supply chain attack, thought to be the result of a cascade failure starting with the software X_Trader. This attack was linked to an earlier hack by North Korean hackers to software company [https://www.marketswiki.com/wiki/Trading_Technologies_International Trading Technologies]. A 3CX employee's PC with the Trading Technologies App was used by the hackers to compromise their software and distribute malware to consumers. <ref>{{Cite news |last=Greenberg |first=Andy |date=Apr 20, 2023 |title=The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks |url=https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-url=https://web.archive.org/web/20250726115243/https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-date=July 26, 2025 |work=Wired |pages=2025-08-12}}</ref>
+In March 2023, 3CX was the victim of a high-profile supply chain hack, thought to be the result of a cascade failure starting with the software X_Trader. This attack was linked to an earlier incident perpetrated by North Korean hackers, targeting software company [https://www.marketswiki.com/wiki/Trading_Technologies_International Trading Technologies]. A 3CX employee's PC containing the Trading Technologies App was used by the hackers to compromise their software and distribute malware to consumers. <ref>{{Cite news |last=Greenberg |first=Andy |date=Apr 20, 2023 |title=The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks |url=https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-url=https://web.archive.org/web/20250726115243/https://www.wired.com/story/3cx-supply-chain-attack-times-two/ |archive-date=July 26, 2025 |work=Wired |pages=2025-08-12}}</ref>
-CX also faced backlash for requiring users to pay to open support tickets during the breach, which led to further public criticism from system administrators and IT professionals.<ref>{{Cite web |last=CrowdStrike |date=2023-03-29 |title=// 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers // |url=https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/ |website=reddit}}</ref><blockquote>"I have been in contact with 3CX and their suggestion is to open a support ticket at £75 per incident. Ludicrous." -wars_t (reddit.com) </blockquote>
+CX also faced backlash for requiring users to pay a fee when opening support tickets during the breach, which led to further public criticism from system administrators and IT professionals.<ref>{{Cite web |last=CrowdStrike |date=2023-03-29 |title=// 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers // |url=https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/ |website=reddit}}</ref><blockquote>"I have been in contact with 3CX and their suggestion is to open a support ticket at £75 per incident. Ludicrous." -wars_t (reddit.com) </blockquote>
 ==References:==
 <references />
 [[Category:3CX]]