I am baffled. The server was behind a firewall. I was alerted by our peer that they were seeing several calls to international destinations and they blocked the trunk. By the time I read the email and took action all looked ok. Now this baffles me there are no:
ssh access records.
Evidence of files being tampered.
Now I should mention I was working on a project to move our VoIP to AWS platform, but I had AWS firewall rules in place. Has anyone seen this type of clever hack before and have any info on how they can make calls with no record of such on the server?