Date
Incident start date & time: Sunday, August 28, 2022, 01:09 (GMT+3)
Incident end date & time: Thursday, September 28, 2022, 22:40 (GMT+3)
Status
Complete, supplementary actions pending
...
Extend enforced use of MFA to administrative accounts for remote/console access to all server systems
Further strengthen MFA resilience by use of hardware FIDO2 security keys
Enforce zero-trust policy on the endpoint detection and response (EDR) software running on all corporate server and workstation systems
Engage a 24x7 SOC to monitor and analyze traffic and activity patterns within the environment
Rebuild and isolate physical cloud infrastructure in Thessaloniki region
Decommissioning of vulnerable Hosted Exchange services
Review of current access policies on physical infrastructure
Review existing vulnerability management process
Schedule review of risk management process
Export Hosted Exchange services mailbox data and make them available to the end-users (in progress)
Rebuild and redeploy Azure Pack tenant portal to manage and administer IaaS workloads (in progress)
Timeline
Sunday, August 28, 2022, 01:09 (GMT+3)
...
Wednesday, August 31, 2022
Public DNS, Cloud Databases and Acronis Cloud Backup on interworks.cloud services were successfully restored and brought back to operational status.
Thursday, September 1, 2022 - Tuesday, September 27, 2022
All affected services have been gradually restored - either in their original location and configuration or their backups were made available to end-users for direct use in other environments.
Thursday, October 6, 2022
The forensics analysis report was completed, confirming our initial findings regarding the attacker's entry point. No evidence of data exfiltration was discovered by the two independent firms that conducted the forensics investigation and analysis. At the same time, no customer has reported unauthorized access to, copy of, transfer, alteration or deletion of their data.