Xen Orchestra
| Primary URL | Country | Industry |
|---|---|---|
| xen-orchestra[.]com | United States of America | Technology |
Profile
The organization is known by the alias Xen Orchestra.
Its headquarters is located in the United States of America.
The source material does not provide additional information about its size, products, markets, or ownership.
On May 3, 2020, Xen Orchestra experienced a security incident.
The incident involved the exploitation of SaltStack vulnerabilities identified as CVE-2020-11651 and CVE-2020-11652.
Attackers used these vulnerabilities to execute an unauthorized cryptocurrency mining script on several virtual machines.
The mining activity caused service disruptions characterized by high CPU usage and the deactivation of firewalls.
Critical assets such as GPG signing keys, customer credentials (which were securely hashed), and payment data were not compromised.
Analysis showed that the malicious payload lacked persistence mechanisms and did not modify core infrastructure components.
To mitigate the impact, Xen Orchestra rebooted the affected systems, disabled SaltStack across its entire infrastructure, and implemented enhanced network isolation through VPNs.
A forensic examination that utilized virtual machine backups confirmed that no data exfiltration occurred and that there were no lasting system modifications.
Following the incident, the organization initiated ongoing monitoring and rotated passwords as precautionary measures.
Details of the incident were disclosed in a blog post available at https://xen-orchestra.com/blog/saltstack-cve-2020-11651-and-cve-2020-11652-incident/.
