Why It’s Important
Email is one of the most valuable IT systems in any organization: it is where people share plans, sensitive documents, chat threads, and even passwords.
UnderDefense, in cooperation with the Computer Emergency Response Team of Ukraine (CERT-UA), took part in a series of incident response cases in H1 2022 and observed that Russian state-sponsored hackers and ransomware groups had shifted their focus to breaking into email systems, primarily Microsoft Exchange and Zimbra.
In this specific case, CrowdStrike EDR was in place and spotted the initial foothold, but it missed other critical backdoors and TTPs. Those were later identified and disarmed by the UnderDefense 24×7 MDR/SOC team, and the attacker was eventually evicted from the network.
What You Will Learn
- Risks to the email system as a document-exchange channel and an integral part of business workflows
- Data theft via business email compromise (BEC) in a targeted attack scenario
- Recent technical vulnerabilities and risks
- What data APT groups hunt for in their targeted attacks
- The attacker's arsenal used in this case
- Tools vs. PPT (people, process, technology)
- Case details
- BEC incident response playbook
- Recommendations and takeaways
- Read the text version in our blog: Russian APT vs CrowdStrike + MDR + Zimbra.
- Read more about our Managed Detection and Response Service (MDR).
- Download the MDR Service Datasheet.
- Read more about our Incident Response Service.
- Discover all features of our Security Automation and Compliance Platform WarRoom.