A number of different threat actors have attacked VoIP(opens in new tab) telephony servers belonging to Elastix with more than 500,000 different malware(opens in new tab) samples between December 2021 and March 2022, researchers have claimed.
Elastix is a unified communications server software, bringing together IP PBX, email, IM, faxing and collaboration tools.
The researchers are speculating the attackers exploited CVE-2021-45461, a high-severity (9.8) vulnerability that allows for remote code execution. Their goal was to set up a PHP web shell that would allow them to run arbitrary code on the compromised endpoints.
