Researchers at Cyble Research & Intelligence Labs (CRIL) have uncovered an advanced cyber campaign targeting FreePBX systems and, with high confidence, linked the activity to the threat actor INJ3CTOR3. The operation introduces a previously undocumented PHP webshell family named JOMANGY and deploys the ZenharR malware toolkit, which has previously been associated with the same actor. 

Unlike conventional malware campaigns centered on ransomware or data theft, this operation is designed to hijack telephony infrastructure and abuse victims’ SIP trunks to generate fraudulent outbound calls billed directly to affected organizations. Researchers said the campaign demonstrates an unusually persis...