This client is a successful late-stage VC-backed software company. We provide them with MDR, insider risk, compliance, cloud, and 24/7 application security.

Our monitoring security via Agency for Cloud alerted us that a company device was exhibiting behavioral patterns that resembled those of similar identity fraud scams linked to North Korea. This included the device fingerprint and the networks it was connected to, along with an external VPN.

Alongside our threat-hunting partner Crowdstrike Overwatch, we were able to confirm that the individual device was on the same network as known North Korean criminal hacking groups linked to stealing money from companies. We immediately activated incident response– evicting the user, collecting forensic evidence, and coordinating with law enforcement to assess potential damage. We helped the client change the credentials for all of their infrastructure services in synchrony, so the employee thought to be committing identity fraud would not be able to access any resources and thoroughly reviewed the client’s infrastructure logs to find any potentially malicious changes.

Agency made sure that the user was unable to steal any of the company’s data, protecting their privacy and brand while allowing them to go back to running their growing business as before.