Security Incident Active  |  IR-2024-1192
INCIDENT REPORT  /  IR-2024-1192  /  CONFIDENTIAL
Platform: WordPress 6.4.3  /  PHP 8.1  /  MySQL 8.0
Critical — Severity 1

WordPress Installation Compromised

First detected: 2024-04-08  02:44:17 UTC   |   Duration: 5h 11m (ongoing)
Containment:     Not contained
Attack vector:   Plugin vulnerability
Admin access:    Seized by attacker
Database state:  Dumped & modified
Timeline (UTC)
02:44:17  CRIT  Malicious file upload via contact-form-7 — shell.php written to /uploads/
02:45:03  CRIT  Remote code execution confirmed — shell.php accessed from 91.108.x.x
02:51:39  CRIT  wp-config.php read — DB credentials harvested
03:02:14  CRIT  Full wp_users table dumped — password hashes exfiltrated
03:18:50  WARN  .htaccess overwritten — visitors redirected to phishing domain
07:55:00  INFO  Incident response team notified — site taken offline pending review