Security News > 2022 > July > Elastix VoIP systems hacked in massive campaign to install PHP web shells
Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months.
Security researchers at Palo Alto Networks' Unit 42 say that the attackers' goal was to plant a PHP web shell that could run arbitrary commands on the compromised communications server.
The campaign is still active and shares several similarities to another operation in 2020 that was reported by researchers at cybersecurity company Check Point.
The researchers observed two attack groups using different initial exploitation scripts to drop a small-size shell script.
Md5 - MD5 authentication hash for remote login and web shell interaction.
The web shell also features an additional set of eight built-in commands for file reading, directory listing, and reconnaissance of the Asterisk open-source PBX platform.