A client contacted us as they had an ongoing incident where internal e-mails were being forwarded to a third party.
The client was in the middle of an M&A process and was concerned that the commercial team had been targeted.
MDR Cyber responded to the incident, providing the clients incident team support to understand the technical attack.
We worked with the executive team to understand the current state of the M&A process and its participants to develop a strategy to minimise the commercial impact of the breach.
Our threat intelligence team analysed the indicators and tools, tactics and procedures (TTPs) used in the breach along with relevant geopolitical intelligence.
It became clear that several of the participants in the bidding process were nation state related and that the M&A involved strategically important sectors. Our intelligence showed that a specific nation state was likely the attacker.
We worked with our Corporate legal team to advise on the process, and to make recommendations on how to approach the participants who were now suspect. This resulted in the process being restarted, and a new commercial strategy being agreed to reduce the impact of any data leakage.
Our consulting services provided remediation advice, as well helping the client recruit the resources they needed to support an improved cyber security function.