We are reporting that multiple servers in our infrastructure were compromised, affecting approximately 3,000 SIP extensions and 500 trunks.
As part of our incident response, we have locked all administrator access and restored our systems to a pre-attack state. However, we must emphasize the critical importance of determining the scope of the compromise.
Can you please confirm whether SIP account and trunk credentials should be considered compromised ??
If so, we will proceed with a complete password rotation across all affected systems…