Case Study: US-based public utility R&D organization eradicates stealthy gold-image malware and cryptominer with Trustwave SpiderLabs Managed Detection & Response

A Trustwave Case Study

Preview of the US-Based Organization Case Study

US-Based Organization - Customer Case Study

US-Based Organization, a U.S. firm doing large-scale public utility R&D for industrial heating/cooling, was expanding into Asia and using a shared "gold image" to speed deployments. Unknown to the organization, that image contained files that injected DLLs for remote command-and-control and installed a cryptominer, while attackers scanned SMB (port 445) for hosts exposed to EternalBlue. The organization therefore engaged Trustwave's Managed Detection & Response service and SpiderLabs threat hunters.

Trustwave SpiderLabs conducted proactive threat hunting, identified the SMB scanning and the infected gold image, reverse-engineered the malware (linked to Dynamite Panda), added it to Trustwave threat intelligence, and implemented endpoint detection and eradication use cases. The result: Trustwave helped the US-Based Organization remove the cryptominer and C2 access across its environment, rebuild a clean gold image, and uncover a senior IT staff member who was abusing company resources, preventing further spread to new deployments.
