Massive malware campaign targets Elastix VoIP systems

Massive campaign targeting Elastix VoIP systems via shells and malware

Threat experts have discovered a massive campaign that used more than 500,000 malware copies to target Elastix VoIP phone servers over a three-month period. Elastix is server software for unified communications.

Adversaries have been exploiting this weakness since December 2021, and the new campaign appears to be related to that security problem.

According to security experts at Palo Alto Networks’ Unit 42, the attackers intended to install a PHP web shell that could execute arbitrary commands on the compromised communications server.

The effort is still going strong and resembles another operation from 2020 in a number of ways, according to analysts at cybersecurity firm Check Point.
