Incident Response Leads to Collaboration with FBI and Takedown of a Global Threat Actor
During an incident response, our engineers reverse engineered and decrypted a method of communication used by the threat actor to exfiltrate data. Accessing that overseas server enabled us to see hundreds of other customers that were actively compromised in real time, including healthcare, government, education, and financial services accounts. In collaboration with one of the largest cybersecurity firms and the FBI, we were also able to prove that this threat actor was not deleting data even after receiving ransom payments. The FBI worked with a foreign government, and the server was seized. The trove of data led to a major takedown of an international cybercrime actor and to the publication of significant findings that detailed major inner workings of that syndicate.