An analysis of more than 500,000 malware samples collected by threat analysts over a period of three months has revealed an extensive campaign targeting Elastix VoIP telephony servers. The threat actors' goal appears to be stealing sensitive data from the compromised servers.
The FreePBX Digium Phones module is integrated with Elastix, server software that handles unified communications. The attackers are believed to have exploited CVE-2021-45461, a remote code execution (RCE) vulnerability, to run code remotely on the affected servers.
The recent campaign appears to be linked to this vulnerability, which threat actors have been exploiting since December 2021.
According to a Palo Alto Networks Unit 42 security researcher, one of the attackers' goals was to install a PHP web shell on a user's machine. A compromised communications server can then be used to execute arbitrary commands.
In the period between December 2021 and March 2022, over 500,000 samples of malware within the…