CrowdStrike Services recently investigated a security breach involving a Mitel VoIP appliance, where a threat actor exploited a novel remote code execution vulnerability, identified as CVE-2022-29499, to gain access. The exploit involved manipulating HTTP requests to bypass security restrictions and execute commands locally on the device. Despite the threat actor's use of anti-forensic techniques, CrowdStrike successfully recovered forensic data, including the initial exploit and related malicious activity such as the creation of a reverse shell and the use of a tunneling tool named Chisel. The investigation highlights the importance of layered security defenses, timely patching, and network segmentation in protecting critical assets from sophisticated attacks. CrowdStrike's Falcon Complete managed detection and response (MDR) team played a crucial role in identifying and mitigating the intrusion, demonstrating the effectiveness of continuous threat monitoring and remediation.