I cannot tell you how many security incidents I’ve worked at orgs on critical national infrastructure over the years where the threat actor got access and *mind boggles* deployed coin miners.

No really, I don’t think I can tell you, I’d get sued 🤣

@GossiTheDog Kevin Beaumont

Around ten years ago, one of the FreeBSD developers had an SSH key compromised. This key gave access to the machine with our Subversion server on it. And, due to how svn worked, every user had write access to the directory containing the repo.

Subversion does not have any way of doing integrity checks, so the recovery process involved (via a script) checking out each revision in turn, then doing the same with a git mirror, and validating that they were the same.

Audit logs showed that the attacker had logged in, tried running a few Linux commands, got error messages, and logged out. We were incredibly fortunate that they didn’t do anything more serious.

