Latest information on the cyber attack on adesso
Update - Status 09.03.2023, 12:00 p.m.
adesso discovered an external cyber attack on January 11, 2023 (we first reported this incident here on 2/2/2023).
adesso had immediately initiated all necessary measures to stop the activities of the attacker(s). Cyber security specialists subsequently started comprehensive forensic investigations into the facts of the case.
Initial investigations had provided indications that neither the systems nor the data of our customers were affected by this access.
---
As of 09.03.2023, we inform you about the current results of the largely completed forensic investigations. These are as follows:
- We reported that the attacker(s) installed several manipulated plug-ins in adesso's Atlassian systems. The affected systems were taken offline and all other Atlassian systems accessible from the Internet were also taken offline and forensically investigated.
- The initial access of the attacker(s) was achieved by exploiting a security vulnerability in Confluence in the context of a zero-day exploit. This is the vulnerability with the number CVE-2022-26134. The vulnerability was exploited at adesso before it became known and an exploit could not have been prevented despite the always up-to-date installation of security updates.
- In the course of further forensic analysis, it was determined that the attacker(s) were able to gain privileged access to additional systems in adesso's internal network beyond the affected Atlassian systems.
- adesso has taken the following measures in response to the new forensic findings:
- adesso informed its employees and customers about the new forensic findings.
- The current findings were shared with the German Federal Office for Information Security (BSI) and adesso is in constant exchange with the BSI.
- adesso has taken further mitigation measures to further contain the impact of the attack.
- adesso is working with external security experts to further increase the security of the IT infrastructure in response to the attack.
The forensic investigations into the origin and course of the cyber attack have largely been completed with the identification of the source of the attack. Individual further findings of the forensic investigations were shared on a client-specific basis in each case.
As a precaution, adesso has informed the Landesbeauftragte für Datenschutz und Informationsfreiheit NRW (LDI NRW) (State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia).