Security News > 2020 > November > Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies
According to findings published by Check Point Research, the threat actors - believed to be located in the Palestinian Gaza Strip - have targeted Sangoma PBX, an open-sourced user interface that's used to manage and control Asterisk VoIP phone systems, particularly the Session Initiation Protocol servers.
"One of the more complex and interesting ways is abusing the servers to make outgoing phone calls, which are also used to generate profits. Making calls is a legitimate feature, therefore it's hard to detect when a server has been exploited."
Check Point researchers posited that the hacked VoIP servers could be employed by the attackers to make calls to International Premium Rate Numbers under their control.
Back in September, ESET researchers uncovered Linux malware dubbed "CDRThief" that targets VoIP softswitches in an attempt to steal phone call metadata and carry out IRSF schemes.
"The attack on Asterisk servers is also unusual in that the threat actors' goal is to not only sell access to compromised systems, but also use the systems' infrastructure to generate profit. The concept of IPRN allows a direct link between making phone calls and making money."