Earlier this year, Microsoft was made aware of a series of vulnerabilities in its Exchange servers. These are email servers used worldwide by thousands of companies. Microsoft released updates on March 2 to protect its systems again. The FPS Interior also uses Microsoft Exchange servers and has requested assistance from the CCB. The SPF, like thousands of companies around the world, was vulnerable and "back doors" were discovered on the network. These were closed and updates were immediately applied, but the CCB also conducted further monitoring.

It was during this investigation that CCB's cyber experts found subtle indications of questionable acts on the SPF's network. Initial leads date back to April 2019 and point to a highly sophisticated cyberattack. The complexity of this attack indicates an actor with extensive cyber capabilities and resources. The perpetrators acted in a targeted manner, which points to espionage.