EvolutionCrazy wrote:
Or does anybody that got a server running with Plesk before September 2011 have to consider it "rooted"? :/
Potentially ... but this is very unlikely.
The recon happened in January. If you were vulnerable then, AND you were reconned AND (various other things) then your system's security would be in doubt.
There are also a few other things that people could have done - with hindsight! e.g. change Plesk's port, or block 8443 from the internet at your edge firewall, and set up a login page on the network that redirects to it (and is allowed). That would stop most recons.
Nobody has said where the recons came from, but I'm betting cn/ru/ro/ua IP-space? Or did they hire a botnet for the purpose?