
Case Study: Targeted Phishing Against a Cloud Services Provider's Admin Infrastructure

Successful phishing attacks revealed detection gaps in support and SOC teams, allowing unauthorized access without alerts.


The challenge

A red team engagement was conducted to evaluate the resilience of the security team against targeted phishing attacks. The objective was to assess both the response of the support team and the SOC team to phishing attempts that aimed to gain unauthorized access through AnyConnect/OVPN.

The solution

A series of phishing campaigns was launched:

  1. A targeted phishing attempt on the Admin Support Team, which successfully led to command execution on the engineer’s side without triggering any detection alerts.
  2. A targeted phishing attack on the SOC team that executed but was quickly mitigated, as the malware ran on a virtual machine that was immediately shut down. Due to significant awareness and reaction from C-level executives and the SOC team, this scenario was not further developed.

How we did it

  • Social engineering tactics were used to craft convincing phishing emails targeting support engineers.
  • The attack exploited weak initial access controls, specifically the AnyConnect/OVPN remote access path.
  • The phishing payloads executed commands on the engineer’s workstation, demonstrating a critical gap in endpoint detection.
  • SOC response was monitored to evaluate reaction time and effectiveness in containment.

Conclusion

The test revealed a significant gap in phishing detection and response mechanisms for the support team. The lack of alerts allowed the attacker to gain initial access undetected. The SOC team demonstrated a better response time but still had areas to improve.

Recommendations included:

  • Enforcing two-factor authentication (2FA) on all remote access solutions.
  • Strengthening endpoint detection (EDR) to flag unauthorized command execution.
  • Improving phishing awareness training for all employees.
