INJ3CTOR3

MISP

Type:
Unknown

Country:
Unknown

First seen:
Unknown

Details:

INJ3CTOR3 is a threat actor first identified in 2020, known for targeting vulnerabilities in VoIP systems, specifically CVE-2019-19006 and CVE-2021-45461. Their operations involve exploiting FreePBX vulnerabilities to deploy PHP web shells for data exfiltration and persistence. The group utilizes tools for SIP server exploitation, including brute-force scripts and authentication bypass techniques. Observations indicate a resurgence of their attack patterns, reflecting historical behaviors while adapting to current vulnerabilities.

References (3)

research.checkpoint.com - Inj3ctor3 Operation Leveraging Asterisk Servers For Monetization
unit42.paloaltonetworks.com - Digium Phones Web Shell
fortinet.com - Unveiling The Weaponized Web Shell Encystphp

Metadata

ID:	996
Created:	06/02/2026 16:00
Updated:	07/03/2026 16:00