It seems my Inter-tel/Mitel system was hacked recently.

Somehow calls were made into the system, and then calls were made to Cuba.

I am a bit confused on how a call into my system could be redirected to an outside line. I know some VM's have weak passwords, but even if cracked can a call be transfered to an outside line?

We do have this enabled so my receptionist can transfer to an outside line, but not from a VM box.

Any help with this would be greatly appreciated! I don't mind paying for consulting if I have to, my prior company no longer supports me it seems.....

I am running v6.0 HX controller.

Thanks!

https://sundance-communications.com/forum/ubbthreads.php/topics/568428/Mitel_Intertel_5000_Hacked

https://www.mitel.com/sites/default/files/10-Steps-Toll-Fraud_EN.pdf

I haven't touched Mitel in along time . Hope this helps.

PM Sent

HI! I didn't get a PM , if you were sending it to me?

Sorry, should have specified. I sent it to Divilish.

If your SSH port is open, close it.
If your web port is open to the outside world, then close it.
If your SIP port is open to the outside world then do everything you can to restrict access except by the source IP's you need.

We have found ISDN systems being hacked. if the hacker can get to the SSH port then they can manipulate the database to create a user. They then go through the user portal using the user they created and divert the extension or do other things so that calls in end up at expensive destinations.

I think you should consult a professional. Till then, you should get the SIP and their extensions checked. I completely agree with you, Answer The Phones.