Suspected nation-state involvement by the threat actor LABYRINTH CHOLLIMA. The application is available for Windows, macOS, #Linux, & mobile. At time of writing, activity has been observed on both #Windows & #macOS #software #supply #chain #vuln #systems #products #malware #networks #cyber #infrastructure #softphone #mobile #application #voip #phones #sip #threats #informatique ( thx: Colin Cowie ( @th3_protoCOL ) & Florian Roth (@cyb3rops) )

https://falcon.laggar.gcw.crowdstrike.com/intelligence-v2/reports/csa-230489-labyrinth-chollima-suspected-of-conducting-supply-chain-attack-with-3cx-application

★ https://github.com/SigmaHQ/sigma/pull/4151/files

★ https://github.com/Neo23x0/signature-base/blob/master/yara/gen_mal_3cx_compromise_mar23.yar