Session log: Dataforth security incident, MFA rollout, test datasheet investigation

- DF-JOEL2 compromised via ScreenConnect social engineering (Angel Raya)
- C2 IPs blocked, rogue clients removed, M365 sessions revoked, password reset
- IC3 complaint filed, abuse reports sent to Virtuo and ConnectWise
- Conditional Access policies deployed (MFA, block foreign, block legacy auth)
- 38 stale test station accounts deleted from Entra
- Test datasheet pipeline investigated - data exists in DB, export step broken
- TestDataSheetUploader source code extracted for analysis

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
OC-5070
2026-03-27 17:19:28 -07:00
parent 14f4d6b15b
commit 2dd0885b0a
73 changed files with 479938 additions and 0 deletions