In the following incident, you can see that a python script was used to modify
/etc/passwd, potentially enabling an attacker to add or change a user account. In addition, there was other suspicious network activity that was made by the same python process.