Massive campaign hits Elastix VoIP systems with 500,000 unique malware samples
2022-07-16 14:11

Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months.

Security researchers at Palo Alto Networks' Unit 42 say that the attackers' goal was to plant a PHP web shell that could run arbitrary commands on the compromised communications server.

In a report on Friday, the researchers say that the threat actor deployed "More than 500,000 unique malware samples of this family" between December 2021 and March 2022.

The campaign is still active and shares several similarities with another operation in 2020 that was reported by researchers at cybersecurity company Check Point.

The researchers observed two attack groups using different initial exploitation scripts to drop a small shell script.

A list of indicators of compromise reveals local file paths the malware uses, unique strings, hashes for shell scripts, and public URLs that host the payloads.
