We have been informed by the LKA (Landeskriminalamt) that our systems could possibly be compromised.
Therefore we shut down all domain-based services, except the login servers, for security reasons.
This affects services like datev, campus.net, printing, storage servers, etc.
So far we could not find any evidence for a security breach and are waiting for detailed information from the LKA.
Mail, VPN and eduroam are still working.
Update 14.02.2020 10:16AM
So far we could not find evidence for a new infection, but are still investigating our infrastructure.
To take further measures and secure our IT infrastructure, we set up a new antivirus system, currently as a trial, but most likely as a replacement for the built-in antivirus clients. We will install this new antivirus software on our servers first and start a rollout to domain-connected Windows-based computers in a second step.
We are currently restarting, one by one, all servers and services that we shut down yesterday. All restarted servers will be scanned with the new antivirus software and may therefore be slow.
We expect all servers and services to be running again by the afternoon at the latest.
Update 14.02.2020 03:45PM
All servers and services are up and running again.
We are still investigating and scanning the servers for malicious software. So far no evidence of compromised servers has been found.
Due to the ongoing scanning and forensics, the systems may still be slow and service interruptions are possible.