case study
BEC Remediation and Post-attack Resilience Enhancement
Full Attack Chain Revealed
Attackers managed to compromise a senior employee’s mailbox and establish malicious mailbox rules. They succeeded in changing the bank account details of the employee, then used this change to transfer several million dollars to their own accounts.
Sygnia was called in to respond to the breach. A Sygnia IR team identified the full attack chain, including the original phishing email, subsequent credential harvesting, and other malicious access methods. All malicious access and mailbox rules were identified and removed.
Phishing Email Traced to Compromised Law Firm
Sygnia’s forensic analysis revealed that the source phishing email originated from a compromised law firm. The law firm was identified and informed of the incident.
Enhancing Resilience
Sygnia worked with the client to establish secure practices that enhanced resilience and helped prevent a recurrence of similar attacks.
A Sygnia team identified the full attack chain including the original phishing email, subsequent credential harvesting, and malicious access methods
RELATED CONTENT
Eradicating A Persistent Attacker
An advanced threat actor attacked the client. The threat actor gained domain admin privileges over the network, including access to critical servers and backups.
Log4J Attack Contained In Minutes
The client had previously engaged Sygnia to contain and eradicate an attacker, including deployment of Sygnia’s Advanced Monitoring for post-breach surveillance.
Data Breach Remediated and Resilience Enhanced
Sygnia was called in to respond to the breach. A Sygnia IR team fully identified the entry point and lateral movement vectors of the attacker.
By clicking Subscribe, I agree to the use of my personal data in accordance with Sygnia Privacy Policy. Sygnia will not sell, trade, lease, or rent your personal data to third parties.