Recently, cybersecurity firm CrowdStrike reported that its Falcon platform had detected and prevented an active intrusion campaign targeting customers of 3CXDesktopApp, a popular software-based PBX (Private Branch Exchange) solution. The campaign, which CrowdStrike dubbed "Operation Orangutan," began in December 2020 and was aimed at installing malicious software on the endpoints of 3CXDesktopApp customers.

According to CrowdStrike, the attackers were using a combination of tactics to gain access to 3CXDesktopApp customers' networks. These included exploiting publicly known vulnerabilities, brute-forcing passwords, and using common attack vectors such as phishing emails and malicious downloads.

Once inside their victims' networks, the attackers sought to gain further access by exploiting vulnerabilities in 3CXDesktopApp's platform, as well as leveraging different techniques to move laterally. They then sought to install malicious software, such as a backdoor, on the endpoints of their victims.

Fortunately, CrowdStrike's Falcon platform was able to detect and prevent the intrusion campaign. By detecting suspicious activity on customers' endpoints, Falcon was able to alert the customers and help them take appropriate action to mitigate the threat.

In addition, CrowdStrike also provided 3CXDesktopApp customers with a detailed report of the malicious activities that had occurred on their networks. This report included information on the attack vectors used, the malicious software installed, and the steps taken to mitigate the threat.

Overall, CrowdStrike's Falcon platform proved to be an invaluable resource in detecting and preventing the intrusion campaign. It is yet another example of how advanced cybersecurity solutions can help protect organizations from sophisticated cyber attacks.