Cyber Incident Victim: Adesso SE
Date:
Jan 2023
Location:
Germany
Summary
Adesso SE experienced a cyber attack involving unauthorized external access to limited administrative accounts, which was promptly detected and terminated. The attacker briefly accessed and partially downloaded internal company data, though customer systems and data remained unaffected with no evidence of malicious file uploads or replacements. While the incident was deemed non-reportable under regulatory standards, authorities were notified as a precaution. No subsequent unauthorized activities have been detected, and the organization is enhancing infrastructure security while forensic investigations with external specialists continue.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 11, 2023, adesso SE detected a cyber attack involving unauthorized external access to a limited number of administrative accounts. The company identified and terminated the intrusion immediately upon discovery, implementing all necessary protective measures to secure its systems. Internal forensic investigations commenced with support from external cybersecurity specialists, remaining ongoing as of the latest status update dated February 2, 2023. Preliminary findings indicated the attacker maintained access only briefly during the incident window. During this period, the threat actor partially downloaded internal company data, though investigators confirmed no customer systems or customer data repositories were compromised. Forensic analysis established that no malicious files were uploaded to adesso systems and no legitimate files were replaced with malicious counterparts during the breach. Based on these findings, adesso determined the incident did not meet mandatory breach reporting thresholds under applicable regulations. Nevertheless, the company proactively notified the State Commissioner for Data Protection and Freedom of Information in North Rhine-Westphalia (LDI NRW) as a precautionary measure. No operational disruptions occurred in customer-facing systems or services throughout the incident lifecycle.
Post-incident monitoring revealed no evidence of persistent unauthorized access or newly compromised accounts within adesso networks as of the February 2 status report. The company continued implementing additional security enhancements to strengthen infrastructure protections beyond the immediate containment actions taken during the attack. All investigative and remediation activities focused exclusively on adesso's internal administrative systems, with no indication of threat actor movement into client environments or third-party networks. The partial data exfiltration involved internal organizational information, though the company did not disclose specific data categories or volumes in public communications. Security teams maintained continuous surveillance for any residual threat activity following initial containment, with no subsequent compromises detected through the conclusion of the forensic examination period. Adesso's public disclosures emphasized the isolated nature of the breach and reiterated that customer operations remained unaffected throughout both the attack and response phases.