KISTERS software declared safe after forensic investigations

January 20, 2022

Following digital forensic investigations in response to the 10 November 2021 cyber incident, there are no indications that the KISTERS AG development network, with the corresponding sources and build environments, is affected by the attack.

Preventative measures taken

Immediately following discovery of the cyber incident, all systems were disconnected from the KISTERS network and tested in isolated environments as a precautionary measure.

Moreover, the following measures have been implemented:

    • Binaries of the latest deliveries used in KISTERS software solutions are located in separate repositories. These repositories were separated from the build system and individually checked for malware, or malicious software, using several state-of-the-art scanners. This means all software versions delivered before the security incident are considered free of any malware and can therefore continue to be used in production environments.
    • The source code was checked for any conspicuous changes within the last three months.
    • As a precaution, KISTERS has started rebuilding its build systems from scratch for the creation of future patches and updates. The build pipeline resides, as before, on dedicated and isolated machines that are used exclusively for building the binaries and have strict access rights.
    • The safety policies on KISTERS development systems prevent the administrator (root) account from logging in directly on all other systems in the network, which require separate local users with different passwords. The result of the inspection audit shows no suspicious logins during the last three months.
    • All our workstations and servers were reinstalled based on the latest safe operating systems and tools. All the firewall configurations were reinitialized and readjusted.

Based on these findings, all KISTERS systems will be fully operational in the near future. Project and technical support teams will be able to provide customers with the necessary patches for critical bugs, software enhancements, and new solutions and services.

Documentation requests

If your organization uses KISTERS North America software and would like documentation of the declaration of the software safety assurance, you may email info {at} kisters [dot] net.

In addition, if your organization previously had provided secure remote maintenance access to KISTERS North America, you may request documentation of the declaration for secure remote maintenance access by contacting us at the same email address.