You are a Threat Hunter in the SOC team of a prestigious law firm specializing in high-profile corporate cases. Your firm has recently suffered a data breach, in which confidential client documents were leaked on a dark web forum. As part of your proactive threat-hunting initiative, you analyze security logs, network traffic, and endpoint activity to trace the attacker's steps using the Cyber Kill Chain framework. Your investigation reveals that the attacker initially bypassed the firm's multi-factor authentication (MFA) by masquerading as a legitimate user. Once inside, they moved laterally within the internal network, accessed sensitive client records from a shared file repository, and exfiltrated the data over an extended period. You are tasked with identifying the attack phase within the Cyber Kill Chain framework in order to strengthen defenses against similar attacks, and with implementing proactive threat-hunting measures to detect future intrusions before data exfiltration occurs. At which Cyber Kill Chain phase was the attack identified?
trishaval
4 days, 1 hour ago