Case Study: Higher Education Institution restores security and removes threat actor with NCC Group incident response

An NCC Group Case Study

Preview of the Higher Education Institution Case Study

Incident Response for a Higher Education Institution

NCC Group worked with a Higher Education Institution that had experienced signs of a serious security incident, including several servers being powered off and a staff member unable to log in. The challenge was made harder because one compromised laptop had already been wiped, leaving the investigation with missing evidence, while the attacker was using a legitimate user account to move through the network.

NCC Group deployed an EDR solution to improve visibility, support containment, and collect forensic triage data remotely. Using threat intelligence from prior Lapsus$ investigations, NCC Group traced the attacker’s activity, identified lateral movement and compromised accounts, and helped the customer block VPN and Remote Desktop access, reset passwords, and eradicate the threat. The institution was returned to an operational state, security posture was improved, and NCC Group provided a full report and ongoing EDR rollout across the estate.

