

In August 2022, SecurityScorecard was the target of a spear-phishing campaign involving two attacks. The first attack was an email claiming to be from SecurityScorecard’s Co-Founder and CEO. The email domain, however, was not known to or registered by SecurityScorecard. The second attack involved emails that impersonated a vendor and targeted SecurityScorecard employees.
This paper outlines the methodologies used to successfully defend against this attack, gain additional intelligence, and deny the threat actors use of its infrastructure. This paper is also intended to serve as a guide for security operations and threat hunting teams who wish to learn more about methods and tools they can leverage when conducting similar investigations for their organization.