1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Elastix VoIP systems targeted by massive malware campaign

    From TechnologyDaily@1337:1/100 to All on Mon Jul 18 13:15:04 2022
    Elastix VoIP systems targeted by massive malware campaign

    Date:
    Mon, 18 Jul 2022 12:03:09 +0000

    Description:
    Multiple threat actors with IP addresses in the Netherlands attempt to deploy thousands of malware variants.

    FULL STORY ======================================================================

    A number of different threat actors have attacked VoIP telephony servers belonging to Elastix with more than 500,000 different malware samples between December 2021 and March 2022, researchers have claimed.

    Elastix is a unified communications server software, bringing together IP
    PBX, email, IM, faxing and collaboration tools.

    The researchers are speculating the attackers exploited CVE-2021-45461, a high-severity (9.8) vulnerability that allows for remote code execution.
    Their goal was to set up a PHP web shell that would allow them to run arbitrary code on the compromised endpoints. Blending into the environment

    Experts from Palo Alto Networks Unit 42 who first spotted the campaign said two separate attack groups, using different methods to exploit the flaws, tried to deploy a miniature shell script, which installs a PHP backdoor and gives the attackers root access.

    "This dropper also tries to blend into the existing environment by spoofing the timestamp of the installed PHP backdoor file to that of a known file already on the system," the researchers noted.

    The IP addresses of the groups are in the Netherlands, it was further explained, but DNS data points to Russian adult sites. The payload delivery infrastructure is only partially active, at the moment. Read more

    Microsoft Exchange servers are being hacked to deploy ransomware



    Nasty new malware targets Microsoft Exchange servers



    Check out our list of the best firewalls right now

    The campaign is still ongoing, the researchers concluded.

    Depending on the campaign goal, enterprise servers are sometimes a higher-value target than computers, laptops, or other company endpoints. Servers are usually more powerful devices, and could be used, for example, as part of a potent botnet delivering thousands of requests per second.

    Servers can also be used to deploy cryptomining software, earning valuable cryptocurrencies for their attackers. And finally, if the servers are shared (for example, in a cloud environment), a potential data breach could compromise multiple companies at once, and all of their customers, combined. Here's our take on the best endpoint protection software today

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/elastix-voip-systems-targeted-by-massive-malwar e-campaign/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)