The client, a leading Energy-as-a-Service (EaaS) provider operating across eight countries, experienced a business email compromise during a critical business deal. Logins to their email system from overseas raised concerns. We conducted a thorough investigation to identify the threat actor's entry points and potential malware, ensuring a swift and effective response to the breach.
We followed a phased approach, including data collection, preservation, analysis, and reporting. Our investigation covered O365 accounts, email, OneDrive, and SharePoint, complemented by a dark web scan and security reviews. Post-remediation, we provided actionable recommendations to bolster security and mitigate future risks, restoring client operations and reinforcing customer trust in their resilience.










