Weak Passwords on Extensions = Hacked SIP/PBX
An unknown organization is systematically checking for open SIP ports and then trying common extension usernames and passwords. If they find weak passwords, they are then into the PBX and can make thousands of calls in a matter of minutes. Protect yourself. Some were Asterisk and some were SIP-based VoIP PBX. Itappears that the hack has nothing to do with any sort of Asterisk vulnerability, but with insecure passwords set for extensions.
Src: junctionnetworks.com