Massive campaign target Elastix VoIP systems with 500,000 unique malware samples

On Saturday, threat analysts have discovered a massive campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months.

Elastix is a server software for unified communications (Internet Protocol Private Branch Exchange [IP PBX], email, instant messaging, faxing), used in the Digium phones module for FreePBX.

The attackers might have exploited a Remote Code Execution (RCE) vulnerability known as  CVE-2021-45461, with a critical severity rating of 9.8 out of 10.

Adversaries have been exploiting this vulnerability since December 2021 and a recent campaign appears to connect to the security issue.

At Palo Alto Networks’ Unit 42,  security researchers have said that the attacker’s ambition was to plant a PHP web shell that could run arbitrary commands on the compromised communications server.

According to Bleeping Computer, in a report on Friday, the researchers say that the threat actor deployed “more than 500,000 unique malware samples of this family” between December 2021 and March 2022.

“The campaign is still active and shares several similarities to another operation in 2020 that was reported by researchers at cybersecurity company Check Point,” a source as per Bleeping Computer.

Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. We cannot guarantee the Product information shown is 100% accurate and we advise you to check the product listing on the original manufacturer website. Thetechoutlook is not responsible for price changes carried out by retailers. The discounted price or deal mentioned in this item was available at the time of writing and may be subject to time restrictions and/or limited unit availability. Amazon and the Amazon logo are trademarks of, Inc. or its affiliates Read More

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

function init() { var vidDefer = document.getElementsByTagName('iframe'); for (var i=0; i