The challenge
Active phishing attack — a suspicious email rule was detected in MDF Infra's Tencent Cloud Frankfurt environment. An attacker had gained access to an IAM account and was attempting to set up mail rules to intercept correspondence. Speed of response was critical to avoid operational impact and a data breach.
Our approach
Korur identified the suspicious IAM rule within 24 hours. The attacker's IP address was blocked, the malicious rule removed and all systems were secured immediately. We then analysed the full audit trail to map the impact and rule out any further compromise. Finally, hardening measures were applied so a similar incident cannot happen again.
The result
Incident resolved within 24 hours with minimal operational impact. The compliance audit was passed and MDF Infra now has a hardened IAM configuration with continuous monitoring.
Technologies
Want to secure your business too?
No-obligation conversation. Fixed price.