On Wednesday, March 29, 2023, multiple security firms issued warnings about malicious activity coming from a legitimate, signed binary from communications technology company 3CX. The binary, 3CXDesktopApp, is video conferencing software available for download on all major platforms. Rapid7’s threat research teams analyzed the Windows installer and confirmed that it is downloading and executing malicious DLL files. A suspected North Korean threat actor dubbed Labyrinth Chollima gained access to and backdoored the software distribution process for 3CX. This supply chain attack known as 'SmoothOperator' leverages malicious access that was delivered to customers through the auto-update mechanism of the software.
https://www.cisa.gov/news-events/alerts/2023/03/30/supply-chain-attack-against-3cxdesktopapp
This has nothing to do with Confluence, unless you've decided to install it on the same server and do some integration with it for some reason.