Shielding clients from a cyberattack aftermath
So the story goes that a major infrastructure provider, Colt, left their on-prem SharePoint server (definitely not trendy in 2025) vulnerable to exploits. That resulted in the attackers (apparently China-based) selling the whole stolen dataset, with ±1M customer-related files, for $200,000 on the dark web, likely after an unsuccessful extortion attempt at Colt.
Where do we come into the story?
A lot of our clients have been using Colt, and they are now at risk. Cyberattack guidebook, page 666. I know, we should be flying those broomsticks! But in times like these, we use them to clean up the mess.