


Perceptive Security
SOC/SIEM Consultancy

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
Published:
31 March 2026 at 16:03:00
Alert date:
31 March 2026 at 17:08:47
Source:
thehackernews.com
Enterprise Applications, Zero-Day Vulnerabilities, Ransomware & Malware
A high-severity zero-day vulnerability (CVE-2026-3502) in TrueConf video conferencing software has been actively exploited in attacks targeting Southeast Asian government entities. The campaign has been dubbed TrueChaos. The vulnerability stems from the lack of an integrity check when fetching application updates, which allows attackers to distribute tampered updates. With a CVSS score of 7.8, this supply chain attack vector poses significant risks to government networks using the affected software.
Technical details
CVE-2026-3502 is a high-severity vulnerability in the TrueConf video conferencing client, which performs no integrity check when fetching application updates. Attackers who control on-premises TrueConf servers can distribute tampered updates containing arbitrary code. The attack uses DLL side-loading: a benign binary (poweriso.exe) loads a DLL backdoor (7z-x64.dll) that performs reconnaissance, establishes persistence, and retrieves additional payloads (iscsiexe.dll) from FTP servers. The chain ultimately deploys the Havoc command-and-control framework.
Mitigation steps:
Update TrueConf Windows client to version 8.5.3 or later. Monitor for DLL side-loading activities and suspicious update mechanisms. Implement additional validation for software update processes and monitor communications with known malicious infrastructure.
Affected products:
TrueConf Windows client (versions before 8.5.3)
Related links:
https://thehackernews.com/2026/03/three-china-linked-clusters-target.html
https://www.cve.org/CVERecord?id=CVE-2026-3502
https://trueconf.com/downloads/windows.html
https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/
https://thehackernews.com/2025/11/shadowpad-malware-actively-exploits.html
https://thehackernews.com/2026/02/china-linked-amaranth-dragon-exploits.html
IOCs:
7z-x64.dll, iscsiexe.dll, poweriso.exe, 47.237.15[.]197
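The mitigation steps call for monitoring DLL side-loading and communications with the listed infrastructure. The following added example (not from the original alert, TrueConf, or the cited research) triages Sysmon-style image-load (Event ID 7) and network-connection (Event ID 3) records against the IOCs above. The JSON-lines export format, the staging-path hints, and the sample hostnames and paths are assumptions constructed for illustration.

```python
import json
from ntpath import basename, dirname

# Indicators from this alert's IOC list; the IP is stored defanged and refanged here.
SIDELOAD_HOST = "poweriso.exe"
IOC_DLLS = {"7z-x64.dll", "iscsiexe.dll"}
IOC_IPS = {"47.237.15[.]197".replace("[.]", ".")}
# Assumption: path fragments treated as user-writable staging locations.
WRITABLE_HINTS = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

def triage(event):
    """Return findings for one Sysmon-style event (ID 7 image load, ID 3 network)."""
    findings = []
    image = event.get("Image", "").lower()
    if event.get("EventID") == 7:
        loaded = event.get("ImageLoaded", "").lower()
        if basename(loaded) in IOC_DLLS:
            findings.append("ioc-dll")
        # Side-loading: DLL sits beside the benign host binary, unsigned or staged.
        same_dir = dirname(loaded) == dirname(image)
        unsigned = str(event.get("Signed", "")).lower() != "true"
        staged = any(hint in loaded for hint in WRITABLE_HINTS)
        if basename(image) == SIDELOAD_HOST and same_dir and (unsigned or staged):
            findings.append("sideload-pattern")
    elif event.get("EventID") == 3 and event.get("DestinationIp") in IOC_IPS:
        findings.append("ioc-ip")
    return findings

def scan(lines):
    """Return [(computer, findings)] for JSON lines that matched; skip bad lines."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if found := triage(event):
            hits.append((event.get("Computer", "?"), found))
    return hits

# Constructed sample events: hostnames and paths are invented for illustration.
STAGE, APP = r"C:\ProgramData\upd", r"C:\Program Files\PowerISO"
SAMPLE = [json.dumps(e) for e in (
    {"EventID": 7, "Computer": "WS-01", "Signed": "false",
     "Image": STAGE + r"\poweriso.exe", "ImageLoaded": STAGE + r"\7z-x64.dll"},
    {"EventID": 7, "Computer": "WS-02", "Signed": "true",
     "Image": APP + r"\poweriso.exe", "ImageLoaded": APP + r"\codec.dll"},
    {"EventID": 3, "Computer": "WS-01", "Image": STAGE + r"\poweriso.exe", "DestinationIp": min(IOC_IPS)},
)] + ["{truncated"]
```

`scan(SAMPLE)` flags both WS-01 events and leaves the signed, in-place load on WS-02 alone. The `sideload-pattern` rule also fires when the DLL has been renamed, so it does not depend on the file names in the IOC list.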
This article was created with the assistance of AI technology by Perceptive.
