In May 2020, the telecommunications company disclosed that it had suffered a cyber attack in which hackers compromised a cloud server located in its data center, before using it as a 'stepping stone' to attack another internal server and its Active Directory server. Attackers moved from those servers to compromise an information management server used to service the company's cloud and hosting customers. It is from this last server that attackers stole data on 621 of the company's customers.
The system administration department detected a log of an unauthorized remote operation within the company's Active Directory which prompted the initial investigation and alerted the company to the incident.
If you'd rather we did the heavy lifting in developing a cyber incident response plan or lessons learnt training for your organisation underpined by our unique insight into the challenges faced and strategies implemented by organisations countering today's cyber security threats then please contact us here.