Warning: DX2030 has been hacked

Hi everyone, Hi Mike,

We are a VoIP Provider in Europe and Our DX2030 which is alocated in other country in Europe and connected direct to a big Telecom provider, has been hacked over the weekend from a provider named CHINANET-GD. The Technical details of our Quintum is as bellow:
Manufacturer: Quintum Technologies
Product Name: Tenor DX
H/W Version: 0 [1 0 0 0]
S/W Version: P107-09-00
DS1 Info: 2 DS1
Protocol: H323
Status: Registered
Network: xxx.xxx.xxx.xxx (Static)
Total Calls: 0

This Hacker succeeded to send THOUNSED of calls using the Following IP Addresses:
113.105.152.32 – 113.105.152.34 – 113.105.152.48 and ASTERISK (SIP!!!)

After connecting through the Config Manager to the Quintum, nothing has been changed in the Config, and I have changed immediatly the pwd and disabled the DI completly.

Our Quintum is configured with all important steps to secure it:
-Strong Admin Password
-EPAD
but I can’t set the webserverport and the managmentAccess Parameter to 0 because the Tenor as I montioned is allocated in another country and I need remote access to it.

So my Questions:

1. How they Succeeded to send Calls with SIP and we are using H323 and EPAD?
2. If they hacked the system why they didn’t change the pwd and the config?
3. WHY THEY STILL CAN SEND CALLS EVENIF I CHANGED THE PWD?

In the alarm history I found logs like as bellow with diferent Channel numbers:
xxx.xxx.xxx.xxx:858445:RPT:4:Miscellaneous Information (PriTermCall: Channel 31 on slot=2 device=0 line=1 rejected by the peer.):0:0:0:0:SUN APR 18 13:40:23 2010

Any comment would be appreicated.

Thanks and regards
HAL