Case Studies

Incident Response for a Global Cryptocurrency Trading Firm

SITUATION

The client was breached by a threat actor through a sophisticated spear phishing campaign against their employees. Once the targets were compromised, the threat actor deployed a remote access trojan, malware that allowed administrative control over the employees’ personal machines. From the personal machines, the threat actor captured credentials, accessed internal systems, conducted reconnaissance, and moved laterally within the environment, propagating the original malware.

OUR ROLE

We were retained to identify the threat actor, assess the scope of impact on client systems, and confirm the eradication of the threat. Our experts analyzed the malware identified by the client during their investigation and the tactics, techniques, and procedures used by the threat actor. We performed forensic analyses on identified systems and shared additional indicators of compromise with the client to determine the full scope of impact and to confirm the eradication of the threat.

OUR IMPACT

After conducting our analysis, we attributed the threat activity to a nation-state actor and confirmed that the threat had been eradicated and contained to the systems the client identified during their investigation. Additionally, we provided remedial recommendations to the client, including guidance on hardening their systems and integrating new capabilities to prevent another attack.