Palo Alto Networks researchers witnessed over 500,000 samples of malware implanting a web shell in Digium phone software. Pictured: A headset hangs on a cubicle wall in Philadelphia. (Photo by William Thomas Cain/Getty Images)

Researchers reported finding a malware family that targets Elastix, the PBX system used in Digium VoIP phone deployments.

In a July 15 blog post, Unit 42 researchers from Palo Alto Networks said the attacker implants a web shell into the target's Digium phone software, a FreePBX module written in PHP, and uses it to download and execute additional payloads and to exfiltrate data.

The researchers said they witnessed more than 500,000 unique malware samples of this family between late December 2021 and the end of March 2022.
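The report describes a PHP web shell planted inside a FreePBX module and used to fetch and run further payloads. The following is an added example, not code from the Unit 42 post or from the Digium/FreePBX projects, showing a generic scan a defender could run over a PBX web root to flag PHP files with common web-shell traits: an execution primitive fed directly from request parameters, or eval over a compressed or base64-decoded blob. The file names, directory layout and sample PHP contents are constructed here for the demonstration and are not indicators from the campaign.

```python
"""Added example: flag PHP files carrying common web-shell indicators.

This is a generic heuristic scan over a web root (here a constructed
temporary tree), not the specific indicators from the Unit 42 report.
"""
import os
import re
import tempfile

# PHP primitives that execute code or shell commands.
EXEC_FUNCS = r"\b(?:eval|system|exec|shell_exec|passthru|popen|proc_open|assert)"
# Superglobals an attacker controls over HTTP.
REQUEST_VARS = r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER)"

INDICATORS = {
    # e.g. system($_POST["c"]) : command taken straight from the request
    "exec_of_request_input": re.compile(
        EXEC_FUNCS + r"\s*\(\s*" + REQUEST_VARS, re.I),
    # e.g. eval(gzinflate(base64_decode("..."))) : packed payload stage
    "eval_of_decoded_blob": re.compile(
        r"\beval\s*\(\s*(?:gz(?:un|in)compress|gzinflate|base64_decode|str_rot13)\s*\(",
        re.I),
    # e.g. $f($_GET["x"]) : function name chosen at runtime, arg from request
    "dynamic_function_call": re.compile(
        r"\$\w+\s*\(\s*" + REQUEST_VARS, re.I),
}


def scan_php_source(src: str) -> list:
    """Return the names of every indicator that matches the PHP source."""
    return [name for name, rx in INDICATORS.items() if rx.search(src)]


def scan_tree(root: str) -> dict:
    """Walk a web root and map each suspicious PHP file to its indicators."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith((".php", ".phtml", ".inc")):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as f:
                    src = f.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            found = scan_php_source(src)
            if found:
                hits[os.path.relpath(path, root)] = found
    return hits


# Constructed sample files (not real campaign artifacts).
SAMPLE_SHELL = '<?php if(isset($_POST["c"])){ @system($_POST["c"]); } ?>'
SAMPLE_OBFUSCATED = '<?php eval(gzinflate(base64_decode("H4sIAAAA")));'
SAMPLE_BENIGN = '<?php echo htmlspecialchars($_GET["name"] ?? ""); ?>'


def demo() -> dict:
    """Build a throwaway module directory, scan it, and return the hits."""
    with tempfile.TemporaryDirectory() as root:
        module_dir = os.path.join(root, "admin", "modules", "example")
        os.makedirs(module_dir)
        for name, body in (("shell.php", SAMPLE_SHELL),
                           ("obf.php", SAMPLE_OBFUSCATED),
                           ("index.php", SAMPLE_BENIGN)):
            with open(os.path.join(module_dir, name), "w") as f:
                f.write(body)
        return scan_tree(root)


if __name__ == "__main__":
    for path, indicators in sorted(demo().items()):
        print(f"{path}: {', '.join(indicators)}")
```

Heuristics like these produce false positives on legitimate admin code that shells out, so treat a hit as a file to diff against the vendor's shipped module, not as proof of compromise; a file that is not part of the installed package at all is the stronger signal.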
Mike Parkin, senior technical engineer at Vulcan Cyber, said implanting backdoor web shells on vulnerable systems is nothing new. While the details have evolved over the years, and the specific techniques the attackers use to breach the system and obfuscate their attack may change, Parkin said the overall tactics and procedures remain largely the same.

"What's somewhat surprising is that nearly half a million attacks were noted between December 2021 and March 2022, and this report is being released now in the middle of July," said Parkin.