Services

Access a world-class intelligence capability tailored to your specific needs. Control a multi-million dollar program without the time or expense and solve problems both lasting and acute.

What is Managed Intelligence?

Case Studies

1 min read

Mitigating Advanced Threat Actors: Gaining Access to Closed Groups to Gain Insight into Vulnerability Disclosure and Further Litigation

Oct 1, 2020 7:20:58 AM

The Challenge

A retail client requested our assistance to identify an individual, who was also a paying customer, who wrote a python script that scraped a backend server. The customer had also previously published a WiFi vulnerability present at the company’s offices in the US. The client was aware of closed forums where this customer and other potential threat actors exchanged ideas about denigrating the client’s reputation, and asked Nisos to help understand the nature of the threat.

Why Nisos

The client’s security team did not have the ability to gain this access and required assistance from a partner that could not only gain access to closed forums, but do so with discretion and in a targeted fashion to uncover intelligence about specific threats to the client.

Preparation

Using mis-attributable internet capabilities, we gained access to a closed group of customers and employees who were talking about bringing legal action against the client. Many of the group members were also identified in another chat channel discussing obtaining insider information from the client’s employees. Using close access to the group, we were able to engage the actor online and build rapport.

Execution

Via direct interaction, we were able to identify the individual and determine the method he used to scrape the backend server. Further, after gaining access to a global chat channel with client customers from all over the world, we identified US customer grievances pertaining to payment during the COVID-19 pandemic. 

Customers were discussing additional withholding and canceling fees, as well as potential legal action against the client. We collected chat logs on the group’s plans and intentions for client’s counsel to review.

Impact

The company used this information to contact the individual and received further vulnerability details about the python script that the client was then able to escalate through their patch management process and avoid an incident. They were also able to use other information collected in chat sessions for administrative legal reviews of employee conduct. 

Written by Nisos

Post a Comment

Featured