From e3321fcc1c4945869ead264fe600e10f8b647790 Mon Sep 17 00:00:00 2001
From: blackorbird <14833213+blackorbird@users.noreply.github.com>
Date: Mon, 3 Apr 2023 15:41:47 +0800
Subject: [PATCH] Create README.MD
---
lazarus/3CXSupplyChain/README.MD | 69 ++++++++++++++++++++++++++++++++
1 file changed, 69 insertions(+)
create mode 100644 lazarus/3CXSupplyChain/README.MD
diff --git a/lazarus/3CXSupplyChain/README.MD b/lazarus/3CXSupplyChain/README.MD
new file mode 100644
index 0000000..51849ee
--- /dev/null
+++ b/lazarus/3CXSupplyChain/README.MD
@@ -0,0 +1,69 @@
+
+## 3CX Supply Chain
+
+Volexity
+https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/
+
+CrowdStrike
+https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
+https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/
+
+SentinelLabs
+https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
+
+Sophos
+https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/
+
+Huntress
+https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats
+
+Elastic Ecurity Labs
+https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack
+
+Reversing Labs
+https://www.reversinglabs.com/blog/red-flags-fly-over-supply-chain-compromised-3cx-update
+
+PAN(Palo Alto)
+https://unit42.paloaltonetworks.com/3cxdesktopapp-supply-chain-attack/
+
+Trend Micro Research
+https://www.trendmicro.com/en_us/research/23/c/information-on-attacks-involving-3cx-desktop-app.html
+
+CheckPoint Research
+https://twitter.com/_CPResearch_/status/1641424448740810754
+
+Objective See
+https://objective-see.org/blog/blog_0x73.html
+
+Fortinet
+https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised
+
+Orange Cyberdefense
+https://www.orangecyberdefense.com/global/blog/research/3cx-voip-app-supply-chain-compromise
+
+Symantec (Broadcom)
+https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3cx-supply-chain-attack
+
+Cyble
+https://blog.cyble.com/2023/03/31/a-comprehensive-analysis-of-the-3cx-attack/
+
+Nextron Systems
+https://www.nextron-systems.com/2023/03/31/using-thor-lite-to-scan-for-indicators-of-lazarus-activity-related-to-the-3cx-compromise/
+
+Automox
+https://www.automox.com/blog/3cx-desktop-app-compromised
+
+Malwarebytes
+https://www.malwarebytes.com/blog/news/2023/03/3cx-desktop-app-used-in-a-supply-chain-attack
+
+Rapid7
+https://www.rapid7.com/blog/post/2023/03/30/backdoored-3cxdesktopapp-installer-used-in-active-threat-campaign/
+
+Talos (Cisco)
+https://blog.talosintelligence.com/3cx-softphone-supply-chain-compromise/
+
+Trustwave
+https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwave-action-response-supply-chain-attack-using-3cx-pbax-software/
+
+Blackberry
+https://blogs.blackberry.com/en/2023/03/initial-implants-and-network-analysis-suggest-the-3cx-supply-chain-operation-goes-back-to-fall-2022