VERY IMPORTANT

Recently, Check Point Research encountered a series of worldwide attacks relevant to VoIP, specifically to Session initiation Protocol (SIP) servers. Based on information provided by our global sensors, there appears to be a systematic exploitation pattern of SIP servers from different manufactures. Further exploration revealed that this is part of a large, profitable business model run by hackers. During our research, we discovered a new campaign targeting Sangoma PBX (an open-source web GUI that manages Asterisk). Asterisk is the world’s most popular VoIP PBX system, and it is used by many Fortune 500 companies for telecommunications. The attack exploits CVE-2019-19006, a critical vulnerability in Sangoma, granting the attacker admin access to the system.