❗This article is a stub. You can help by expanding it.
#appeals channel in either Zulip or Discord to request removal.An article may be flagged as a stub when it is missing major elements needed to make it useful to a reader. You can help by adding missing sections, verifiable sources, relevant company policies and communications, etc. to make the article more complete.
3CX, Inc., is a software development company and developer of the 3CX Phone System[1] founded in Cyprus in 2005-11-01.
| Basic information | |
|---|---|
| Founded | 2005-11-01 |
| Legal Structure | Private |
| Industry | Telecommunication |
| Also known as | |
| Official website | https://www.3cx.com/ |
The 3CX Phone System is a software private branch exchange based on the Session Initiation Protocol (SIP) standard to allow calls via the public switched telephone network (PSTN) or via Voice over Internet Protocol (VoIP) services [1].
In 2023, during a major supply chain attack affecting the 3CX desktop application, company's public response included engaging the services of Google-owned cybersecurity firm Mandiant[2] and advising customers to uninstall affected versions.
Controversies
Customer and Partner Relations
The company's CTO, Nick Galea, has been the subject of criticism from some 3CX users and partners for alleged heavy-handed moderation practices and perceived unprofessional conduct in public forums. Multiple users on Reddit have reported being banned from the official 3CX community forums for raising technical concerns or criticizing company policies. [3][4]
Supply Chain Incident Response
In March 2023, 3CX was the victim of a high-profile supply chain attack, thought to be the result of a cascade failure starting with the software X_Trader. This attack was linked to an earlier hack by North Korean hackers to software company Trading Technologies. A 3CX employee's PC with the Trading Technologies App was used by the hackers to compromise their software and distribute malware to consumers. [5]
3CX also faced backlash for requiring users to pay to open support tickets during the breach, which led to further public criticism from system administrators and IT professionals.[6]
"I have been in contact with 3CX and their suggestion is to open a support ticket at £75 per incident. Ludicrous." -wars_t (reddit.com)
References:
- ↑ 1.0 1.1 "ENTERPRISE GRADE PHONE SYSTEM". 3cx.com. Archived from the original on 2025-08-13. Retrieved 2025-08-13.
- ↑ Lakshmanan, Ravie (Mar 31, 2023). "3CX Supply Chain Attack — Here's What We Know So Far". thehackernews.com. Archived from the original on June 27, 2025. Retrieved 2025-08-12.
- ↑ "My 3CX Partnership Deleted and All Linked Clients Lost".
- ↑ "Banned from the 3CX Community".
- ↑ Greenberg, Andy (Apr 20, 2023). "The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks". Wired. pp. 2025-08-12. Archived from the original on July 26, 2025.
- ↑ CrowdStrike (2023-03-29). "// 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers //". reddit.