NCC Group
An NCC Group Case Study
NCC Group worked with a Large Software Development Company that detected suspicious connections from its network to one of its customers and suspected it had already contained the incident. Further investigation showed a sophisticated threat actor had been present for months, moving through multiple Windows domains and leaving behind a modular malware platform, prompting NCC Group to step in with incident response support and an EDR solution.
NCC Group deployed passive EDR to improve visibility, gather forensic triage data, and track the attacker’s activity while reverse engineering custom tooling and identifying tools such as ShadowPad and Poison Ivy. As a result, the full scope of the compromise was uncovered, the threat actor was removed, and the company received detailed reporting, timelines, IOC lists, and security recommendations to strengthen its overall posture.
Large Software Development Company