VERY IMPORTANT

FireEye Mandiant responded to an incident at an Asian telecommunications company that involved an extortion email sent from the CEO’s work email account by an external attacker. The email was sent to employees and threatened to damage the company’s server infrastructure and publish or sell stolen customer information. The attacker demonstrated access to the company’s infrastructure by shutting down 35 non-critical servers. Though the attacker did not subsequently follow through on the extortion demand, the level of control they demonstrated by rebooting the servers prompted an immediate and extensive investigation.