Case Study: Large Financial Services Management Company achieves breach containment and hardened security posture with Palo Alto Networks Unit 42

A Palo Alto Networks Case Study

Preview of the Large Financial Services Management Company Case Study

Transforming security posture after state-sponsored cyberattack

A large U.S. financial services firm that manages client funds on cryptocurrency exchanges was hit by a state‑sponsored attack that stole several hundred thousand dollars in crypto. The adversary used spear‑phishing to install backdoors, then later regained access via a persistence mechanism on a personal device to pivot through VPN and corporate systems. The company urgently needed incident response, forensic investigation, and guidance for the CISO and board.

Palo Alto Networks Unit 42 quickly mapped the attack chain, attributed the intrusion to the Lazarus Group, removed the threat, and issued focused remediation guidance: ban personal devices from the corporate network, deploy EDR/XDR with an experienced MSSP, and tighten credential and network access controls. Unit 42 also coached security leaders on communicating with stakeholders—resulting in a significantly hardened security posture and a clear plan to reduce the risk of similar future attacks.

