An Attempted Heist:
How Ebryx Countered Cybercriminal Group Lazarus

In late 2018, cybercriminals conducted a multimillion-dollar raid on a mid-sized bank in Pakistan. In the chaotic aftermath of the breach, one of the country’s largest banking consortium was compromised by the notorious cybercrime collective, Lazarus. Overwhelmed by their sophisticated attacks, massive losses seemed inevitable – until Ebryx was called to assist.

Top 3 cyberattacks in 2022

Defusing the attempted heist

A tense war ensued. The adversary met Ebryx’s attempts to protect the client with new attack techniques and patterns. Each preventive control measure was met with new malware, target machines, and a revised attack path. Our talented security specialists acted at lightning speeds to counter, predict, and preemptively block these attacks.

To completely contain the attack, our analysts had to get to its core. Our incident response investigation found patient-zero to be an employee who had been tricked into sitting for an interview with the attackers. Our Digital Forensics and Incident Response (DFIR) team contained the attackers in a segment of the user LAN and cut off any possible paths leading to the consortium’s production server.

Why they chose Ebryx

The banking group knew what was at stake and decided to engage the best the industry had to offer. The consortium asked several DFIR service-providers to assist, who mostly overpromised and underdelivered. Eventually, an expert recommended Ebryx. To test Ebryx’s capability, the group challenged our team to identify the infected machines and produce a forensics report. The expertise and technical detail reflected in the initial test report impressed the consortium, which asked Ebryx to launch a full-scale response to the attack. Not wasting a precious second, our analysts dove straight into identifying the problem and isolating the attackers.

A happy ending

With Ebryx’s help, the banking consortium successfully contained the attack on their system. The intrusion made them aware of the gaps in their security posture previously unknown to them. The consortium asked Ebryx to conduct regular incident response drills to train their staff to respond to intrusions and to minimize risk. The attack revealed the gaps in the security posture of the finance network and in the areas where they stood to improve. Relieved to have contained the threat but cautious for the future, the banking consortium is now well-equipped to counter future cyberattacks.

Share the article with your friends

Related Posts

Blog
Posted by Editorial Staff Cloud technology has revolutionized business. In the age of lightning fast connectivity and communication, productivity and innovation have soared. Unfortunately, cloud environments are vulnerable to attack
May 22, 2023
3 Min Read
Blog
Posted by Editorial Staff In mid 2021, an organization in the telecommunication sector suffered a breach in their cybersecurity. Hackers compromised the company’s online services to target their end-users– putting
May 22, 2023
3 Min Read
Blog
Posted by Editorial Staff In late 2018 cybercriminals conducted a multimillion-dollar raid on a mid-sized bank. In the chaotic aftermath of the breach, one of the country’s largest banking consortium
May 22, 2023
3 Min Read

Have questions?
Let's talk.

Ebryx experts are ready to answer
your questions.

Contact us