A large-scale campaign was found targeting Elastix VoIP telephony servers with over 500,000 malware samples, over a period of three months. The campaign’s goal was to plant a PHP web shell to run arbitrary commands on infected communications servers. The operation systematically exploited SIP servers from various manufacturers. Researchers have provided technical details regarding used tactics in recent campaigns to avoid infection.