INJ3CTOR3

Also known as: INJ3CTOR3

Profile

INJ3CTOR3 is a threat actor first identified in 2020, known for targeting vulnerabilities in VoIP systems, specifically CVE-2019-19006 and CVE-2021-45461. Their operations involve exploiting FreePBX vulnerabilities to deploy PHP web shells for data exfiltration and persistence. The group utilizes tools for SIP server exploitation, including brute-force scripts and authentication bypass techniques. Observations indicate a resurgence of their attack patterns, reflecting historical behaviors while adapting to current vulnerabilities.

Aliases · 1

INJ3CTOR3

References

  1. https://research.checkpoint.com/2020/inj3ctor3-operation-leveraging-asterisk-servers-for-monetization/
  2. https://unit42.paloaltonetworks.com/digium-phones-web-shell/
  3. https://www.fortinet.com/blog/threat-research/unveiling-the-weaponized-web-shell-encystphp

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: Hunt3r Kill3rs
Actor: APT.3102
Actor: GambleForce
Actor: JINX-0164
Actor: TA453
Actor: Boolka

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.