-
Q: What date was Mandiant contracted?
A: October 12, 2012.
-
Q: What triggered the investigation?
A: Law enforcement contacted the DoR on Oct 10, 2012, regarding stolen PII.
-
Q: What was the initial entry vector?
A: A phishing email sent on August 13, 2012.
-
Q: How many valid user accounts were compromised?
A: At least four.
-
Q: What encryption method was used for the data?
A: AES 256-bit encryption.
-
Q: Did the attacker get the keys?
A: The attacker stole the data key but not the Key Encrypting Key (KEK).
-
Q: How much data was exfiltrated?
A: Approx 8.2 GB compressed, 74.7 GB uncompressed.
-
Q: What format was the data exfiltrated in?
A: Encrypted 7-zip archives.
-
Q: How did the attacker move laterally?
A: Using stolen credentials to log into the Citrix remote access portal.
-
Q: When was the containment plan executed?
A: October 19-20, 2012.