Latest information on the cyber attack on adesso

Update - Status 26.04.2023, 11:00 p.m.

Discovery of the cyber attack

adesso discovered an external cyber attack on the IT of adesso SE on 11 January 2023.

(We first reported this incident here on 2 February 2023).

Forensic analyses

Immediately after discovering the attack, adesso began comprehensive forensic analyses. These were initially carried out by adesso's internal security team; from 16 January 2023 onwards, experienced external cyber security experts were also brought on board.

Discovery in January 2023

Among other things, the security specialists were able to uncover that the attacker(s) - still unknown today - had already gained unauthorised and unnoticed access to the adesso network at the end of May 2022.

In summary, the forensic investigations at adesso provide the following findings:

  • The attacker(s) gained initial access by exploiting a security vulnerability in the Confluence system as part of a zero-day exploit. This is the vulnerability with the number CVE-2022-26134. The vulnerability was exploited before it became known, and the exploitation could not have been prevented.
  • The attacker(s) installed manipulated plug-ins in adesso's Atlassian systems. The affected systems were taken offline and all other Atlassian systems accessible from the Internet were also taken offline and forensically examined.
  • In the course of further forensic analyses, it was determined that the attacker(s) were able to gain privileged access to additional systems in adesso's internal network beyond the affected Atlassian systems.

Clarification of chronological order

It is important to us to clarify the following facts, as irritating statements about the chronological sequence are currently circulating in public:

The exact time at which the cyber attack began could only be determined retrospectively, from 11 January 2023 onwards, by the forensic investigations, i.e. on the basis of the analysed traces.

This means: adesso has only known about the cyber attack since 11 January 2023. The further findings could only be obtained in the course of the forensic investigation, which started in January 2023.

Prerequisite for communication: Reliable data

In this phase of the investigation of the cyber attack, adesso was keen to keep its communication focused on the provable state of forensic knowledge. Reliable pieces of evidence emerged only gradually, and gathering them required a certain amount of time. Evidence-based communication to the market could therefore only take place from February 2023. Since then, adesso has been in close, bilateral contact with its customers and partners.

Cyber security measures

In summary, the following measures were implemented:

  • adesso has since informed its employees and customers about the forensic findings obtained.
  • adesso has taken mitigation measures to further contain the impact of the attack.
  • The current findings have been continuously shared with the German Federal Office for Information Security (BSI) since 20 January 2023.
  • As a precaution, adesso informed the State Commissioner for Data Protection and Freedom of Information of the State of North Rhine-Westphalia (LDI NRW) on 23 January 2023.
  • Together with external security experts, adesso is working hard to further increase the security of the IT infrastructure in response to the attack.
  • The forensic investigations into the origin and course of the cyber attack have largely been completed with the identification of the gateway.

Information channel adesso.de for news on the cyber situation

We continuously inform our customers in direct contact as well as the public about the latest findings on the cyber attack on adesso on this news channel of our website.