Thanks, thanks for all these details.
Indeed I have opened two infringement cases. One against CloudFlare that stoped the server of the hacker right away and one against Microsoft Azure. Microsoft Azure hasn't come back yet. In the infringement request we shared with them 1) the evidence that we got hacked via the Azure cloud, 2) requested that they share any additional information that they might have about this customer 3) that this caused damages to our company, 4) that they need to stop the activity of this customer ASAP to ensure that this hacker doesn't start again via M.Azure. A quick action on their behalf is vital and essential to limit any future damages that this hacker might cause to our organisation.
This request was official sent to Microsoft infringement legal department April 24 14:23 CET. As of now I have not received any response, confirmation or any communication from them.
CloudFlare was much more reactive. They came back right away and acted accordingly within a day by stopping the server of the Hacker.
Regarding the unnamed key that sits in my keychain, I noticed that there is a fonction go (aller) when you click on the key. When I click on it, It opened the MacintoshHD/private/etc/wfs/directory and the message was that the server is not available and I have deleted the key.
Unfortunately I didn't see your response before deleting the key because I didn't get an email notifying me that a new message arrived. :-(
The WFS directory is an other ticket that I did open earlier to better understand what it does. I understand that you can develop a background App, push it on any PC and connect to it via an unsecured connection http via the WFS directory. Do you have the same understanding ?
Thanks !
