| SYMBOL | COMMON_NAME | aka. SYNONYMS |
INJ3CTOR3 is a threat actor first identified in 2020, known for targeting vulnerabilities in VoIP systems, specifically CVE-2019-19006 and CVE-2021-45461. Their operations involve exploiting FreePBX vulnerabilities to deploy PHP web shells for data exfiltration and persistence. The group utilizes tools for SIP server exploitation, including brute-force scripts and authentication bypass techniques. Observations indicate a resurgence of their attack patterns, reflecting historical behaviors while adapting to current vulnerabilities.
There are currently no families associated with this actor.
| 2026-01-28
⋅
Fortinet
⋅
Unveiling the Weaponized Web Shell EncystPHP INJ3CTOR3 |
| 2020-11-05
⋅
Checkpoint
⋅
INJ3CTOR3 Operation – Leveraging Asterisk Servers for Monetization INJ3CTOR3 |