Please see the following security notification from cPanel that indicates that one of their support server has been compromised.
If you opened any case with cPanel on behalf of your server within 6 months, Then you should change the password of your root and any other account with sudo access.
My advice is to have a detailed verification on the following,
– ~.ssh/authorized_keys*, ie on root and sudo accounts.
– Last login IP’s
– Log file /var/log/messsages , /var/log/secure etc.