OC-5070 d7d9f72fc6 Session log: Dataforth security incident, MFA rollout, test datasheet investigation ...

- DF-JOEL2 compromised via ScreenConnect social engineering (Angel Raya)
- C2 IPs blocked, rogue clients removed, M365 sessions revoked, password reset
- IC3 complaint filed, abuse reports sent to Virtuo and ConnectWise
- Conditional Access policies deployed (MFA, block foreign, block legacy auth)
- 38 stale test station accounts deleted from Entra
- Test datasheet pipeline investigated - data exists in DB, export step broken
- TestDataSheetUploader source code extracted for analysis

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-27 20:07:19 -07:00

1.4 MiB

Raw History

View Raw