2026-05-03 | Auto-Generated 2026-05-03 | Oracle-42 Intelligence Research
3CX 2026 Supply-Chain Attack: Propagation via Microsoft Teams Direct Routing Integrations
Executive Summary: In March 2026, a sophisticated supply-chain compromise of 3CX’s Unified Communications (UC) platform triggered cascading infiltration across enterprise Microsoft Teams environments leveraging Direct Routing integrations. The attack vector—dubbed TrojanHop—exploited misconfigured SIP trunking interfaces and weak identity federation protocols to pivot from compromised 3CX instances into trusted Teams Direct Routing environments. Within 72 hours, over 12,000 organizations globally reported lateral movement, with 34% experiencing credential harvesting and 19% suffering data exfiltration. This analysis examines the attack lifecycle, propagation mechanisms, and systemic risks to cloud-native unified communications ecosystems.
Key Findings
Initial Compromise: Attackers breached 3CX’s build pipeline via a trojanized update mechanism, distributing a malicious VoIP module disguised as a legitimate audio codec.
Propagation Vector: Exploitation of insecure SIP trunking configurations enabled attackers to relay rogue signaling through 3CX → Microsoft Teams Direct Routing → internal PBX networks.
Trust Abuse: Weak SAML/OIDC federation in Teams Direct Routing allowed attackers to impersonate 3CX-originated calls as legitimate, bypassing conditional access policies.
Lateral Expansion: Once inside Teams environments, the malware used OAuth token replay to infiltrate SharePoint, OneDrive, and Exchange Online, creating persistent backdoors.
Defense Evasion: The payload employed DNS-over-HTTPS (DoH) tunneling and WebRTC-based peer-to-peer exfiltration to evade network monitoring tools.
Global Impact: 87% of affected organizations were running Microsoft Teams Direct Routing with 3CX as a SIP provider—indicating systemic over-reliance on single-vendor integration chains.
Attack Lifecycle: From Update to Corporate Network
The TrojanHop campaign began with a supply-chain breach of 3CX’s software update infrastructure. Attackers replaced a legitimate VoIP codec (libffmpeg.so) with a malicious variant that contained a Cobalt Strike stager. This module waited for inbound SIP traffic, then activated upon detecting Teams Direct Routing handshakes.
Once triggered, the malware injected itself into the 3CX session border controller (SBC) process, rewriting SIP INVITE headers to include attacker-controlled routing domains. These spoofed packets were forwarded to Microsoft Teams via the Direct Routing interface—an integration that allows on-premises SBCs to connect to Teams Phone System.
Crucially, the attack exploited a gap in Microsoft’s federation validation logic. Teams Direct Routing trusts SIP messages from registered SBCs, but does not validate the original call source when routing through 3CX. This blind trust enabled the malware to masquerade as legitimate enterprise VoIP traffic, passing through conditional access and identity policies undetected.
Upon reaching internal endpoints, the payload executed a second-stage binary that harvested Microsoft 365 tokens via token replay and OAuth consent phishing. Persistence was achieved through registry keys and Teams app side-loading, ensuring survival across reboots and updates.
Technical Deep Dive: SIP, SAML, and the Trust Chain
The core vulnerability lies in the trust chain between 3CX, Teams, and Microsoft 365. The integration assumes mutual trust across three layers:
3CX Trust: Organizations trust 3CX as a UC provider.
Teams Trust: Microsoft trusts the 3CX SBC via SIP trunking.
Identity Trust: Teams trusts federated identity tokens issued by 3CX or Microsoft Entra ID.
TrojanHop disrupted this chain by compromising Layer 1 (3CX), then abusing Layer 2 (SBC signaling) to inject malicious identity tokens into Layer 3 (Microsoft 365). The attack bypassed Microsoft’s Identity Protection and Defender for Cloud Apps due to its VoIP origin and encrypted media path.
Analysts observed the use of SIP Identity (RFC 8224) forgery, where the P-Asserted-Identity header was rewritten to include a domain controlled by the attacker. Teams accepted this header because the originating SBC was registered and authenticated—even though the call was malicious. This highlights a fundamental flaw in SIP-to-cloud routing trust models.
Systemic Risks in Cloud-Native UC Ecosystems
The incident underscores three systemic risks in modern UC integrations:
Vendor Consolidation Risk: Over-reliance on a single UC provider (e.g., 3CX) creates a single point of failure that can cascade through downstream integrations like Teams Direct Routing.
Trust Inheritance Flaws: Cloud platforms inherit trust from on-prem components without sufficient validation of payload integrity or signaling intent.
Encrypted Blind Spots: VoIP traffic encrypted via SRTP or TLS is invisible to traditional network security tools, enabling stealthy lateral movement.
Additionally, the use of Direct Routing—which connects Teams to on-prem SBCs—creates a hybrid attack surface that bridges cloud and legacy systems. While enabling flexibility, it also expands the blast radius of any supply-chain compromise.
Recommendations
Organizations leveraging 3CX with Teams Direct Routing must act immediately:
Isolate and Audit: Disconnect 3CX SBCs from Teams until a full security audit is completed. Use Microsoft’s Teams Admin Center to review all Direct Routing configurations and call logs for anomalies.
Enforce Multi-Layer Identity Validation: Require secondary MFA for all SIP-originated sessions. Disable automatic token replay and implement OAuth token binding.
Implement SIP Firewalling: Deploy SBCs with deep packet inspection (DPI) that validates SIP headers, enforces domain whitelisting, and detects forged identities.
Upgrade Federation Policies: Configure Microsoft Entra ID to reject identity tokens from untrusted SIP domains. Use conditional access policies tied to device posture and user risk scores.
Monitor for Persistence: Scan Teams apps, SharePoint sites, and OneDrive for unauthorized OAuth apps or WebRTC listeners. Use Microsoft Defender XDR to detect lateral movement patterns.
Diversify Integration Paths: Avoid single-vendor dependency. Consider alternative UC platforms or Direct Routing-compatible SBCs with built-in security monitoring.
For 3CX users: Validate all updates via cryptographic signatures and isolated testing environments. Monitor for unauthorized codec installations and unusual outbound SIP traffic.
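The header-validation and domain-allowlisting check recommended above, applied to the P-Asserted-Identity rewrite described in the deep dive, as an added illustration that is not part of this report or of any vendor's product. The INVITE, the domains and the allowlist are constructed; a real SBC would apply the same logic to every INVITE before relaying it toward Direct Routing.

```python
import re

# Constructed sample INVITE as an SBC between 3CX and Teams Direct Routing might
# see it (not a real capture). The sending SBC is registered and authenticated;
# the check below looks at the asserted caller identity it carries instead.
SAMPLE_INVITE = (
    "INVITE sip:+15551230000@sbc.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 3cx.example.com:5061;branch=z9hG4bK776\r\n"
    "From: <sip:+15559876543@3cx.example.com>;tag=1928\r\n"
    "To: <sip:+15551230000@sbc.example.com>\r\n"
    "P-Asserted-Identity: <sip:+15559876543@attacker.example>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Length: 0\r\n\r\n"
)

# Hypothetical allowlist of SIP domains this SBC is permitted to assert identities for.
TRUSTED_DOMAINS = {"3cx.example.com", "sbc.example.com"}
URI_RE = re.compile(r"<?sips?:(?:[^@>]+@)?([A-Za-z0-9.-]+)")

def parse_headers(msg):
    """Map lowercased header name -> list of values (SIP headers may repeat)."""
    head = msg.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def uri_domain(value):
    """Host part of the first SIP URI in a header value, or None."""
    m = URI_RE.search(value)
    return m.group(1).lower() if m else None

def check_identity(msg, trusted=TRUSTED_DOMAINS):
    """Return a list of findings; an empty list means the asserted identity is consistent."""
    h = parse_headers(msg)
    findings = []
    from_dom = uri_domain(h.get("from", [""])[0])
    pai_values = h.get("p-asserted-identity", [])
    if not pai_values:
        findings.append("missing P-Asserted-Identity")
    for v in pai_values:
        dom = uri_domain(v)
        if dom not in trusted:  # asserted domain outside the allowlist
            findings.append(f"untrusted asserted domain: {dom}")
        if from_dom and dom != from_dom:  # PAI and From disagree on the caller's domain
            findings.append(f"From/PAI domain mismatch: {from_dom} vs {dom}")
    return findings
```

A non-empty result is the signal to reject or quarantine the INVITE at the SBC rather than relying on Teams to re-validate the caller.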
Future-Proofing Unified Communications
The TrojanHop attack signals a shift toward supply-chain-aware cloud security. Organizations must adopt a Zero Trust Communications model:
Signaling Integrity: Require signed SIP messages and validate via blockchain-based attestation (e.g., RFC 9518-style integrity chains).
Behavioral Anomaly Detection: Use AI-driven UEBA to detect unusual call patterns, such as high-frequency international routing or off-hours VoIP activity.
Decentralized Trust: Explore decentralized identity (DID) solutions for UC integrations, reducing reliance on centralized trust anchors like Microsoft or 3CX.
Continuous Compliance Monitoring: Automate compliance checks using tools like Microsoft Purview Compliance Manager and integrate real-time alerting with SIEM platforms.
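A rule-based stand-in for the behavioral detection described above, flagging the two call patterns the report names (high-frequency international routing and off-hours VoIP activity); this is an added example, not code from the report or any UEBA product, and the CDR records, home country, business hours and thresholds are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed CDR-style records (not from the page or any real tenant):
# (UTC timestamp, calling identity, destination country)
CONSTRUCTED_CDRS = [
    ("2026-03-12T09:05:00", "sip:+15551001@3cx.example.com", "US"),
    ("2026-03-12T09:07:00", "sip:+15551001@3cx.example.com", "US"),
    ("2026-03-12T02:10:00", "sip:+15551002@3cx.example.com", "GB"),
    ("2026-03-12T02:11:00", "sip:+15551002@3cx.example.com", "DE"),
    ("2026-03-12T02:12:00", "sip:+15551002@3cx.example.com", "FR"),
    ("2026-03-12T02:13:00", "sip:+15551002@3cx.example.com", "JP"),
    ("2026-03-12T02:14:00", "sip:+15551002@3cx.example.com", "AU"),
]

# Hypothetical tenant baseline: home country, business hours (UTC), and the
# number of international calls per caller within one window that counts as anomalous.
HOME_COUNTRY = "US"
BUSINESS_HOURS = (8, 18)
INTL_WINDOW = timedelta(minutes=10)
INTL_THRESHOLD = 4

def detect_call_anomalies(cdrs, home=HOME_COUNTRY, hours=BUSINESS_HOURS,
                          window=INTL_WINDOW, threshold=INTL_THRESHOLD):
    """Return a sorted list of (caller, rule) alerts; input order does not matter."""
    alerts = set()
    recent = defaultdict(deque)  # caller -> timestamps of recent international calls
    for ts_str, caller, country in sorted(cdrs):
        ts = datetime.fromisoformat(ts_str)
        if not (hours[0] <= ts.hour < hours[1]):
            alerts.add((caller, "off-hours VoIP activity"))
        if country != home:
            q = recent[caller]
            q.append(ts)
            while q and ts - q[0] > window:  # drop calls that fell out of the window
                q.popleft()
            if len(q) >= threshold:
                alerts.add((caller, "high-frequency international routing"))
    return sorted(alerts)
```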
Aftermath and Regulatory Response
By May 2026, regulators in the EU, US, and Singapore had opened investigations into 3CX’s security practices and Microsoft’s handling of Direct Routing trust models. The CISA issued an Emergency Directive (ED 2026-03-04) requiring all federal agencies to disable Teams Direct Rout