Security researchers at Unit 42, a division of Palo Alto Networks, have been tracking the efforts of a massive campaign aimed at Elastix VoIP telephony servers.

They are used by companies of all shapes and sizes to unify their communications, and it is especially attractive because it can be used with the Digium phones module for FreePBX.

So far, the team has collected more than half a million malicious code samples over a three-month period.  An analysis of those code samples reveals that the attackers are exploiting a remote code execution vulnerability. It is being tracked as CVE-2021-4561 and carries a severity rating of 9.8 out of ten.

Security researchers report that hackers have been actively exploiting this flaw since at least December 2021.

Based on the code samples collected, the Unit 42 team believes that the attackers’ goal was to plant PHP web shells on successfully penetrated systems. That would allow them to execute arbitrary commands on the compromised servers.

Another security firm, Check Point, confirms Unit 42’s findings and both teams stress that the campaign is still ongoing.  Worse, it appears that there are two different groups involved in the attack. Although it is not currently known whether they are coordinating their efforts or if that fact is coincidental. Perhaps it is a case of one following the other so as not to miss out on an opportunity.

The attackers behind the campaign are both clever and technically savvy.  They’ve built in some good anti-detection strategies into the attack, such as masking the name of the back door so that the file name resembles that of a known file already on the system.  It would take a sharp pair of eyes indeed to spot it.

In any event, if you use Elastix VoIP, be sure your IT people are aware of this threat.

Related Posts - TKS Blog

TKS Newsletter - 2025 February
Here's our February 2025 Newsletter Read the full PDF version here: The TKS Sentinel - February Issue In this month's edition, we discuss: Work-Specific Tools Windows 11...
Read more
common password mistakes
Password Management Tips For Businesses
Is Your Business Cyber Secure? Passwords are the front line of defense against cyberattacks. Yet, most businesses still struggle with password security—whether it’s employees using weak...
Read more
password managers for business
How Password Managers Strengthen Your Cybersecurity Posture
The Growing Threat of Password Vulnerabilities Protecting your sensitive business information has never been more critical than it is today. Passwords remain one of the weakest...
Read more
password protection in the era of AI
Password Security In The Age Of AI
The AI Threat to Password Security Artificial intelligence is revolutionizing many industries, but it’s also empowering cyber criminals. Recent studies reveal that AI can crack over...
Read more

Used with permission from Article Aggregator