Yes, your system has been hacked. Don’t try to clean it up. Reinstall a clean .iso and restore from a backup taken before the attack. Most likely, the cause is
See also this discussion:
If your system had been updated to one of the vulnerable versions, it is almost certain that this is what happened.
To reduce the chance of similar incidents in the future, ensure that any kind of web access to the PBX (admin, UCP, REST, etc.) is restricted to whitelisted IP addresses.