Eradicating a Threat Actor From a Manufacturer’s System
September 11, 2024
After law enforcement informed a manufacturer of unauthorized access to its network, FTI Consulting contained the incident and determined its root cause.
Our Impact
- FTI Consulting’s investigation ensured the incident was contained and the threat actor was eradicated from the manufacturer’s network.
- Our experts determined that the root cause of the incident was a compromised employee credential used by the threat actor to gain unauthorized access.
- All impacted systems were secured upon our team's implementation of security measures, including the disabling of the compromised account and the application of multi-factor authentication (“MFA”).
- The manufacturer’s Chief Information Security Officer (“CISO”) noted the impressive availability and responsiveness of the FTI Consulting team throughout the investigation.
Our Role
- FTI Consulting began the investigation through outreach and engagement with sub-organization technical points of contact (“POCs”) on their network infrastructure and security tooling.
- Once the team received access to security tooling and security event logs, FTI Consulting immediately commenced threat hunting for any indication or evidence of unauthorized access, lateral movement or persistence by the threat actor.
- To understand the nature and extent of the activity, inclusive of the root cause and any evidence of unauthorized access, FTI Consulting conducted log analysis, digital forensics, endpoint detection and response (“EDR”) deployment, intelligence analysis, dark web monitoring and a cybersecurity investigation.
- All actions were taken, and all findings made, under privilege and at the direction of both internal and external counsel.