March 29, 2023
SentinelOne VS SmoothOperator – Protect mode
- As of Mar 22, 2023, SentinelOne began to see a spike in behavioral detections of the 3CXDesktopApp, a popular voice and video conferencing software product categorized as a Private Automatic Branch Exchange (PABX) platform.
- Behavioral detections prevented these trojanized installers from running and led to immediate default quarantine.
- The trojanized 3CXDesktopApp is the first stage in a multi-stage attack chain that pulls ICO files appended with base64 data from GitHub and ultimately leads to a third-stage infostealer DLL that is still being analyzed as of the time of writing.
- At this time, we cannot confirm that the Mac installer is similarly trojanized. Our ongoing investigation includes additional applications like the Chrome extension that could also be used to stage attacks.
- The compromise includes a code signing certificate used to sign the trojanized binaries.
- Our investigation into the threat actor behind this supply chain compromise is ongoing. The threat actor has registered a sprawling set of infrastructure starting as early as February 2022, but we don’t yet see obvious connections to existing threat clusters.
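
The ICO files with appended base64 data mentioned above can be checked for statically. The following is an added example, not SentinelOne's detection logic or code from the original page: it parses the ICO directory, finds where the declared images end, and reports base64 text that follows. The function names, the `min_len` threshold and the sample bytes are constructed for illustration, and it assumes the appended data sits after the last declared image.

```python
import base64
import re
import struct

B64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")

def ico_declared_end(data: bytes) -> int:
    """Return the offset where the last image declared in the ICO directory ends."""
    if len(data) < 6:
        raise ValueError("too short for an ICONDIR header")
    reserved, ico_type, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or ico_type != 1 or count == 0:
        raise ValueError("not an ICO file")
    end = 6 + 16 * count  # header plus one 16-byte ICONDIRENTRY per image
    if len(data) < end:
        raise ValueError("truncated ICO directory")
    for i in range(count):
        # The last two DWORDs of each entry are the image size and image offset.
        size, offset = struct.unpack_from("<II", data, 6 + 16 * i + 8)
        end = max(end, offset + size)
    return end

def appended_base64(data: bytes, min_len: int = 16):
    """Return decoded trailing bytes if base64 text follows the icon images, else None."""
    tail = data[ico_declared_end(data):].strip()
    # Assumption: a short or non-base64 tail (padding, metadata) is not reported.
    if len(tail) < min_len or len(tail) % 4 or not B64_RE.match(tail):
        return None
    return base64.b64decode(tail, validate=True)

def make_ico(image: bytes) -> bytes:
    """Build a constructed one-image ICO for the demo (not a real sample)."""
    header = struct.pack("<HHH", 0, 1, 1)
    entry = struct.pack("<BBBBHHII", 16, 16, 0, 0, 1, 32, len(image), 22)
    return header + entry + image

# Constructed inputs: a clean icon and the same icon with base64 text appended.
CLEAN = make_ico(b"\x89PNG-constructed-image-bytes")
TAMPERED = CLEAN + base64.b64encode(b"constructed placeholder blob")

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, appended_base64(blob))
```

A hit only means the file carries data beyond what its directory declares, so it is a triage signal to pair with where the file was fetched from and by which process.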