...
System log shows on 2025 Mar 24 12:00:09 (UTC) hundreds of failed attempts to login as root, then, suddenly the
attacker successfully logged in [...] etc. The attacker created the identities ABC and XYZ., Placedplaced a trojan
and possibly compromised the credentials of users: DEF, UVW>
- If available and relevant, the list of other eduGAIN participants possibly affected
<Ex: Suspicious new identities ABC and XYZ where created:
- Possible vulnerabilities exploited by the attacker
<Ex: the attacker exploited a weak root password and gained further access by exploiting CVE-2009- 1234
against [...] etc.>
- Actions taken to resolve the incident <Ex: Disk images have been saved, systems have been
reinstalled from scratch with new, strong root passwords, and SSH has been configured to prevent "root" logins with password.>
- Recommendations for other sites, actions suggested
<Ex: Sites should check and report any successful SSH connection from
...