Dawning Realization On “D” Day—discovery day—the bank’s staff was unable to access a domain controller—a server that responds to security authentication requests within a Windows Server domain. An internal investigation discovered that a suspicious login account with domain administrator privileges had been created, enabling unrestricted access to thousands of Windows systems—both servers and clients—across the enterprise. The bank quickly realized that they were looking at the potential for many host systems to have been compromised. Based on its global reputation for dealing with advanced threat actors from around the world, the bank immediately retained Mandiant Incident Response services from FireEye to assist with an enterprise-wide investigation of the intrusion. The service

Join for free to read