Eradicating A Persistent Attacker
Threat-actor Repeatedly Attacks
An advanced threat actor attacked the client. The threat actor gained domain admin privileges over the network, including access to critical servers and backups.
The client successfully identified the breach and eradicated the attacker. However, the attacker exhibited a high degree of persistence and successfully re-infiltrated the environment. The client detected the reentry and eradicated the attacker again. At this point, the client’s security team reached out to Sygnia for assistance.
Sygnia Identifies A Familiar Adversary
We conducted a thorough investigation including an analysis of the alert history, critical paths and forensics. The attacker was identified as a ransomware specialist well-known to Sygnia’s incident response and threat intelligence teams. Our team assessed the likelihood of data exfiltration and conducted a full examination of potential data leaks.
Sygnia reviewed the investigation data to conclusively determine the infiltration point and scope of compromise. We observed that the threat actor had executed the attack just three hours after the initial infiltration. Our team also performed an IoC search to ascertain that the threat actor was no longer operating in the network, with no dormant backdoors remaining.
Eliminating Security Gaps
The client’s organizational readiness and cyber resilience were assessed through a holistic cyber posture analysis. Sygnia worked with the client to develop and implement specific remediation measures that would eliminate security gaps and reduce the risk of another breach.