Case Study: Large Financial Services Company stops serverless cloud C2 with Awake Security

Large Financial Services Company - Customer Case Study

Awake Security worked with a large financial services company facing a stealthy malware campaign that persisted as a malicious Microsoft Office add-in. The add-in only ran when Office applications like Microsoft Word started, which made it difficult to spot on both endpoints and the network, especially since the attackers used encrypted TLS traffic and an Azure serverless function for command and control.

Using the Awake Security Platform, Awake Security identified outlier connections tied to Microsoft Office startup behavior, analyzed encrypted traffic patterns, and correlated multiple threat signals to map the full attack. As a result, Awake Security exposed the serverless C2 infrastructure and rogue Office add-ins used for persistence, helping the customer uncover the full scope of the intrusion, though no quantitative impact was provided.