Inj3ctor3 is a apt_group tracked across 2 threat clusters and 3 intelligence report mentions on ThreatCluster. First observed March 1, 2026; most recent activity May 22, 2026.
A cyber campaign attributed to the threat actor INJ3CTOR3 is targeting FreePBX systems, deploying a new PHP webshell named JOMANGY. This operation utilizes a six-layer persistence mechanism to maintain control over…
Attackers exploited CVE-2025-64328, a command injection vulnerability, affecting 900 Sangoma FreePBX systems. The exploitation resulted in the installation of web shells, with hundreds of instances remaining compromised…