Identifying and Eradicating the Ebury Rootkit

Scenario: Our work with a newly onboarded client began with an immediate challenge: an active rootkit infection. At the time of our investigation, official documentation from the FBI and NHTCU had not yet been released, which required us to rely entirely on system forensics to identify the Ebury malware and determine the full extent of […]
Client File Transfer Protocol (FTP) Compromise and Phishing Kit Deployment

Scenario: During our regular monitoring, we discovered that a domain hosted on a client’s server was compromised. Attackers created a deep, hidden directory within the site’s file structure to host a fraudulent financial login page. This infrastructure hijacking was used to deploy a phishing kit targeting financial services. By nesting this malicious page within a […]
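A quick triage check for the pattern described in this case, as an added example rather than anything from the case study itself: walk a web root, list hidden (dot-prefixed) directories nested at least a few levels deep, and flag web files inside them that carry a login-form marker. The web root path, the depth threshold, and the fixture directory layout are all assumptions made for the example; the sample site is constructed inline so the script runs offline.

```sh
#!/bin/sh
# Added example (not the case study's own tooling). Hunts for phishing pages
# parked in deep, hidden directories under a web root.

# find_hidden_dirs ROOT MIN_DEPTH
# Print dot-prefixed directories at or below MIN_DEPTH levels under ROOT.
# (Assumption: "deep" means at least MIN_DEPTH levels down.)
find_hidden_dirs() {
  find "$1" -mindepth "$2" -type d -name '.*' 2>/dev/null || true
}

# find_login_pages ROOT MIN_DEPTH
# For each hidden directory, print HTML/PHP files that contain a password
# input or a <form> tag, the usual skeleton of a credential-harvesting page.
find_login_pages() {
  find_hidden_dirs "$1" "$2" | while IFS= read -r d; do
    find "$d" -type f \( -name '*.html' -o -name '*.htm' -o -name '*.php' \) \
      -exec grep -lEi 'type=["'"'"']?password|<form' {} + 2>/dev/null || true
  done
}

# make_fixture
# Build a constructed sample web root: a legitimate shallow hidden directory
# (.well-known) and a fake bank login page buried in a deep hidden directory.
# Prints the path of the web root.
make_fixture() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/site/.well-known/acme"
  mkdir -p "$tmp/site/wp-content/uploads/2023/.cache/secure/bank"
  printf '<html>hello</html>' > "$tmp/site/index.html"
  printf 'token' > "$tmp/site/.well-known/acme/token"
  printf '<html><form action="post.php"><input type="password" name="pw"></form></html>' \
    > "$tmp/site/wp-content/uploads/2023/.cache/secure/bank/login.html"
  echo "$tmp/site"
}

# Usage: sh hidden_login_hunt.sh /var/www/html 3
# With no arguments nothing is scanned, so the functions can be sourced safely.
if [ $# -gt 0 ]; then
  find_login_pages "$1" "${2:-3}"
fi
```

The depth threshold keeps expected shallow hidden directories such as `.well-known` or `.git` out of the noise; tune it to the site's layout. A positive hit should be followed by a look at the file's mtime, the owning account, and the FTP logs for the upload that created it.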