Camera maker Axis released more details about a cyberattack that started on the night of Saturday, February 19.
In its initial messages on its website, the Swedish camera giant said it got alerts from its cybersecurity and intrusion detection system on Sunday, February 20 before it shut down all public-facing services globally in the hopes of limiting the impact of the attack.
But in a lengthy report about the attack, Axis says someone used “several combinations of social engineering” to sign in as a user on Saturday night “despite protective mechanisms such as multifactor authentication.”
There was no ransomware, according to the report, but investigators did find malware and discovered that the company’s internal directory services were compromised. Axis claimed no customer information was involved.
“Inside, the attackers used advanced methods to elevate their access and eventually gain access to directory services. Axis threat detection systems alerted incident staff of unusual, suspicious behavior, and investigations began early Sunday morning. At approximately 9 am CET Sunday morning, IT management decided to bring in external security experts and at approximately 12:00 (noon), it was confirmed that hackers were active inside Axis networks. The decision was taken to disconnect all external connectivity immediately as a way of cutting the