Case Study: Cyber Threat Intelligence Investigation Following an Extortion Attempt

The issue

A government agency received a blackmail letter from a threat actor claiming to have accessed customer accounts within the agency's online portal. The actor demanded payment under the guise of penetration testing services, threatening to release sensitive account information if the agency did not comply. The agency needed to validate the threat, assess the scope of any compromise and determine its notification obligations.

How we assisted

Clayton Utz investigated the suspected compromise, reviewing the agency's findings. The technical analysis included authentication log examination, forensic assessment and extensive open-source and cyber threat intelligence gathering across the surface, deep and dark web.

The team identified credential stuffing as the likely attack method, linked to third-party breaches from a known malware campaign. Approximately twenty additional compromised accounts were detected, enabling swift containment and notification. The team also advised on improving security logging and alerting mechanisms to support a proactive security posture.
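As an added illustration (not material from the firm or the agency) of the authentication-log review described above, the script below scans constructed sample portal login lines for the credential-stuffing pattern, a single source address cycling through many distinct usernames with a high failure rate, and lists the accounts that nonetheless logged in successfully from that source, which are the candidates for containment and notification. The log format, field names, thresholds and all values are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of portal authentication log lines (not real agency data).
# 203.0.113.7 cycles through six usernames with an automation user agent;
# 198.51.100.20 is an ordinary user mistyping a password once.
SAMPLE_LOG = """\
2024-03-01T02:14:01Z src=203.0.113.7 user=alice result=FAIL ua=python-requests/2.31
2024-03-01T02:14:02Z src=203.0.113.7 user=bob result=FAIL ua=python-requests/2.31
2024-03-01T02:14:02Z src=203.0.113.7 user=carol result=SUCCESS ua=python-requests/2.31
2024-03-01T02:14:03Z src=203.0.113.7 user=dave result=FAIL ua=python-requests/2.31
2024-03-01T02:14:04Z src=203.0.113.7 user=erin result=SUCCESS ua=python-requests/2.31
2024-03-01T02:14:05Z src=203.0.113.7 user=frank result=FAIL ua=python-requests/2.31
2024-03-01T08:30:11Z src=198.51.100.20 user=alice result=FAIL ua=Mozilla/5.0
2024-03-01T08:30:25Z src=198.51.100.20 user=alice result=SUCCESS ua=Mozilla/5.0
"""

# Assumed key=value line layout; adjust the pattern to the real portal's format.
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)")

def parse(log_text):
    """Turn raw log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events

def find_credential_stuffing(events, min_users=5, min_fail_ratio=0.5):
    """Flag source IPs that attempt many distinct usernames with mostly failures.
    Returns {src: sorted usernames that logged in successfully from that src},
    i.e. the accounts likely compromised via stuffed third-party credentials."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    suspects = {}
    for src, evs in by_src.items():
        users = {e["user"] for e in evs}
        fails = sum(1 for e in evs if e["result"] == "FAIL")
        if len(users) >= min_users and fails / len(evs) >= min_fail_ratio:
            suspects[src] = sorted({e["user"] for e in evs if e["result"] == "SUCCESS"})
    return suspects

if __name__ == "__main__":
    for src, accounts in find_credential_stuffing(parse(SAMPLE_LOG)).items():
        print(f"{src}: credential stuffing suspected; accounts to contain and notify: {accounts}")
```

The same per-source counts, emitted as an alert when the thresholds are crossed, are the kind of logging and alerting improvement the team recommended.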

Disclaimer

Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this communication. Persons listed may not be admitted in all States and Territories.