32 people were apprehended in Romania, but the VoIP hacking from this country continues. Low wages, highly educated people and too few jobs, combined with a low risk of being caught, often push people into hacking.
The following REGISTER request came from IP 188.24.194.155 and was caught in a SIP honeypot belonging to the Honeynet Project.
REGISTER sip:IP.removed SIP/2.0
Via: SIP/2.0/UDP 192.168.0.135:5060;rport;branch=z9hG4bK6640
From: <sip:1234@IP.removed>;tag=3202
To: <sip:1234@IP.removed>
Call-ID: 14862
CSeq: 1 REGISTER
Contact: <sip:1234@192.168.0.135>
Max-Forwards: 70
User-Agent: Linphone/3.3.99.9 (eXosip2/3.3.0)
Expires: 3600
Content-Length: 0
The normal procedure is to use SIPvicious for scanning, then use Linphone or another softphone to test whether you can dial out on the discovered IP PBX.
VoIP admins, do a pen-test on your own system and lock it down. This is, sadly, just the start…
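For admins who log SIP traffic, here is an added example (not part of the original post and not Honeynet Project code) that triages a captured request the way the REGISTER above can be read: which phase the User-Agent suggests, whether the client sits behind NAT, and whether it is guessing a numeric extension. The User-Agent prefixes, the tag names and the 192.0.2.10 placeholder address are assumptions.

```python
import ipaddress
import re

# Constructed sample: the post's REGISTER; 192.0.2.10 is a placeholder honeypot IP.
SAMPLE = (
    "REGISTER sip:192.0.2.10 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.0.135:5060;rport;branch=z9hG4bK6640\r\n"
    "From: <sip:1234@192.0.2.10>;tag=3202\r\n"
    "To: <sip:1234@192.0.2.10>\r\n"
    "Call-ID: 14862\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:1234@192.168.0.135>\r\n"
    "Max-Forwards: 70\r\n"
    "User-Agent: Linphone/3.3.99.9 (eXosip2/3.3.0)\r\n"
    "Expires: 3600\r\n"
    "Content-Length: 0\r\n\r\n"
)

# Assumed User-Agent prefixes per phase; tune to what your own sensor sees.
PHASE_UAS = {"scan-phase": ("friendly-scanner", "sipvicious"),
             "softphone-phase": ("linphone",)}

def parse_sip(raw):
    """Return (method, headers) with lower-cased header names."""
    head = raw.split("\r\n\r\n", 1)[0]
    head = re.sub(r"\r\n[ \t]+", " ", head)  # unfold continuation lines
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return lines[0].split(" ", 1)[0], headers

def triage(raw, src_ip):
    """Tag one logged request given the packet's real source address."""
    method, h = parse_sip(raw)
    ua = h.get("user-agent", "").lower()
    tags = [p for p, uas in PHASE_UAS.items() if ua.startswith(uas)]
    # A private address in Via with a public packet source means a NATed client.
    via = re.search(r"SIP/2\.0/\w+\s+([\d.]+)", h.get("via", ""))
    if via and ipaddress.ip_address(via.group(1)).is_private \
            and not ipaddress.ip_address(src_ip).is_private:
        tags.append("client-behind-nat")
    user = re.search(r"sip:(\d{3,5})@", h.get("from", ""))
    if method == "REGISTER" and user:
        tags.append("numeric-extension:" + user.group(1))
    return tags
```

Calling triage(SAMPLE, "188.24.194.155") tags the request from the post as a softphone registration from a NATed client trying extension 1234.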