Osprey Cyber Corporation (OCC) is a cyber security company that provides both offensive and defensive capabilities to customers including, but not limited to, private organisations, educational institutions, and government. Recently OCC has been engaged by RavenCorp, an organisation that develops drones and has seen some suspicious outbound traffic on its firewall. RavenCorp is headquartered in Sydney, Australia and also has a presence in Munich, Germany. Its environment comprises both on-premise and cloud infrastructure.

Upon conducting the incident response engagement, the following high-level findings were identified:

a. On January 16, 2022, a phishing e-mail arrived where a user was tricked into disclosing their credentials to a website at Microsoft.
b. The next day, the user's credentials were used to access a remote desktop server.
c. The threat actor was able to run some software that allowed them to elevate their privileges to administrator, and created several additional accounts in the corporate Active Directory with administrator rights.
d. Over the next 6 months, the threat actor exfiltrated several terabytes of data. This included:
   a. Customer information including names, addresses, e-mail addresses, phone numbers, and credit card numbers
   b. Personal information about employees of the organisation
   c. Technical drawings for a prototype