{"id":33651,"date":"2021-10-07T10:20:18","date_gmt":"2021-10-07T14:20:18","guid":{"rendered":"https:\/\/arcticwolf.com\/?page_id=33651"},"modified":"2025-12-12T13:29:18","modified_gmt":"2025-12-12T19:29:18","slug":"incident-response-timeline-microsoft-exchange-vulnerability","status":"publish","type":"page","link":"https:\/\/arcticwolf.com\/uk\/incident-response-timeline-microsoft-exchange-vulnerability\/","title":{"rendered":"Incident Response Timeline &#8211; Microsoft Exchange Vulnerability"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"33651\" class=\"elementor elementor-33651\" data-elementor-post-type=\"page\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-d3db796 padding-control elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d3db796\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;,&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e4d010b\" data-id=\"e4d010b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-66bc4aa elementor-vertical-align-middle aw-asleep-signal elementor-invisible elementor-widget elementor-widget-image-box\" data-id=\"66bc4aa\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:100,&quot;_animation_mobile&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><span class=\"elementor-image-box-title\">Response Timeline<\/span><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2e79f15 premium-header-block size-control premium-lq__none premium-box-lq__none elementor-invisible elementor-widget elementor-widget-premium-addon-dual-header\" data-id=\"2e79f15\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_tablet&quot;:&quot;fadeInUp&quot;,&quot;_animation_mobile&quot;:&quot;fadeIn&quot;,&quot;_animation_delay&quot;:300}\" data-widget_type=\"premium-addon-dual-header.default\">\n\t\t\t\t\t\n\t\t<div class=\"elementor-widget-container\">\n\t\t<div class=\"premium-dual-header-wrapper\">\n\t\t\t\t\t<h2 class=\"premium-dual-header-first-header \"><span class=\"premium-dual-header-first-span\"><span class=\"gray-fade-text\" style=\"padding-bottom:10px\">Microsoft Exchange Vulnerability<\/span> <\/span><span class=\"premium-dual-header-second-header \"><span class=\"gr-text\">TIME From Detection to Escalation: 20 MINUTES<\/span><\/span><\/h2> \t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-82b2979 elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"82b2979\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:500,&quot;_animation_mobile&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p class=\"elementor-heading-title elementor-size-default\">In this real-world attack example, an Arctic Wolf customer in the construction industry experienced a vulnerability-based incident. The threat actor leveraged multiple Microsoft Exchange vulnerabilities for access, but Arctic Wolf helped this customer swiftly stop the incident and create a long-term fix for these vulnerabilities.<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9ddf226 elementor-align-center elementor-tablet-align-left elementor-mobile-align-center smoothScroll gr-button-os elementor-invisible elementor-widget elementor-widget-button\" data-id=\"9ddf226\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:600,&quot;_animation_mobile&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"#awTimeline-Section-01\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-long-arrow-alt-down\"><\/i>\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Start The Attack<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-8c16042 elementor-hidden-desktop elementor-hidden-tablet aw-mobile-nav-toggle-wrap elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8c16042\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;,&quot;sticky&quot;:&quot;top&quot;,&quot;sticky_offset&quot;:100,&quot;sticky_offset_mobile&quot;:0,&quot;animation&quot;:&quot;none&quot;,&quot;animation_delay&quot;:300,&quot;_ha_eqh_enable&quot;:false,&quot;sticky_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;,&quot;mobile&quot;],&quot;sticky_effects_offset&quot;:0,&quot;sticky_anchor_link_offset&quot;:0}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-9810771 elementor-invisible\" data-id=\"9810771\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:200}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-467c56a elementor-widget elementor-widget-heading\" data-id=\"467c56a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\">View Timeline Navigation<\/h5>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-e73ef27 elementor-invisible\" data-id=\"e73ef27\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:300}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d35c2ae aw-mobile-nav-toggle elementor-widget elementor-widget-html\" data-id=\"d35c2ae\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<input class=\"tgl tgl-light\" id=\"cb1\" type=\"checkbox\"\/>\n    <label class=\"tgl-btn\" for=\"cb1\"><\/label>  \n<style>\n    .tgl {\n  display: none;\n}\n.tgl, .tgl:after, .tgl:before, .tgl *, .tgl *:after, .tgl *:before, .tgl + .tgl-btn {\n  box-sizing: border-box;\n}\n.tgl::-moz-selection, .tgl:after::-moz-selection, .tgl:before::-moz-selection, .tgl *::-moz-selection, .tgl *:after::-moz-selection, .tgl *:before::-moz-selection, .tgl + .tgl-btn::-moz-selection {\n  background: none;\n}\n.tgl::selection, .tgl:after::selection, .tgl:before::selection, .tgl *::selection, .tgl *:after::selection, .tgl *:before::selection, .tgl + .tgl-btn::selection {\n  background: none;\n}\n.tgl + .tgl-btn {\n  outline: 0;\n  display: block;\n  width: 4em;\n  height: 2em;\n  position: relative;\n  cursor: pointer;\n  -webkit-user-select: none;\n     -moz-user-select: none;\n      -ms-user-select: none;\n          user-select: none;\n}\n.tgl + .tgl-btn:after, .tgl + .tgl-btn:before {\n  position: relative;\n  display: block;\n  content: \"\";\n  width: 50%;\n  height: 100%;\n}\n.tgl + .tgl-btn:after {\n  left: 0;\n}\n.tgl + .tgl-btn:before {\n  display: none;\n}\n.tgl:checked + .tgl-btn:after {\n  left: 50%;\n}\n\n.tgl-light + .tgl-btn {\n  background: #f0f0f020;\n  border-radius: 2em;\n  padding: 2px;\n  transition: all 0.4s ease;\n}\n.tgl-light + .tgl-btn:after {\n  border-radius: 50%;\n  background: #fff;\n  transition: all 0.2s ease;\n}\n.tgl-light:checked + .tgl-btn {\n  background: #0059b2;\n}\n\n\n<\/style>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-3e1596f elementor-section-height-min-height padding-control elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"3e1596f\" data-element_type=\"section\" data-e-type=\"section\" id=\"awTimeline-Section-01\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c8e416f\" data-id=\"c8e416f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-e0104c2 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e0104c2\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-2519921\" data-id=\"2519921\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3c4ecbf premium-header-block premium-header-inline premium-lq__none premium-box-lq__none elementor-invisible elementor-widget elementor-widget-premium-addon-dual-header\" data-id=\"3c4ecbf\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeIn&quot;,&quot;_animation_delay&quot;:0}\" data-widget_type=\"premium-addon-dual-header.default\">\n\t\t\t\t\t\n\t\t<div class=\"elementor-widget-container\">\n\t\t<div class=\"premium-dual-header-wrapper\">\n\t\t\t\t\t<h2 class=\"premium-dual-header-first-header \"><span class=\"premium-dual-header-first-span\"> <\/span><span class=\"premium-dual-header-second-header \">On Tuesday, March 2, 2021<\/span><\/h2> \t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5f9e348 elementor-invisible elementor-widget elementor-widget-text-editor\" data-id=\"5f9e348\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"aw-type-text\">one week ahead of its typical Patch Tuesday release, Microsoft released an out-of-band patch to address <\/span><span class=\"Typewriter__wrapper\">multiple critical vulnerabilities in Microsoft Exchange, the company\u2019s email and calendar server.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-3c63feb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3c63feb\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-f476e52 column-pull-up-01 aw-timeline-columns-3 elementor-invisible\" data-id=\"f476e52\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:300,&quot;animation_mobile&quot;:&quot;fadeInDown&quot;,&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-dab5642 elementor-widget elementor-widget-heading\" data-id=\"dab5642\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">What do these vulnerabilities mean?<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-534ae8f hide-direction-mobile min-height-01 aw-has-interest-point hide-icon elementor-widget elementor-widget-ha-step-flow happy-addon ha-step-flow\" data-id=\"534ae8f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"ha-step-flow.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\n\t\t<div class=\"ha-steps-icon\">\n\t\t\t\n\t\t\t\n\t\t\t\t\t<\/div>\n\n\t\t<h4 class=\"ha-steps-title\">5:23 am<\/h4>\n\t\t\t\t\t<p class=\"ha-step-description\">These <span class=\"aw-interest-point data-tippy-interest-point-01\">Vulnerabilities<\/span> allowed\u202fattackers to take full control of a Microsoft Exchange Server exposed to the public internet. Microsoft reported that\u202fthese vulnerabilities\u202fwere being\u202factively exploited\u202fby HAFNIUM, a\u202fthreat\u202fgroup\u202fthey\u202fdescribe\u202fas state-sponsored and operating out of China, with attacks dating back to at least January 6, 2021.<\/p>\n\t\t\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-2229fd5 column-pull-up-02 aw-timeline-columns-3 elementor-invisible\" data-id=\"2229fd5\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:600,&quot;animation_mobile&quot;:&quot;fadeInDown&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-78f1dc1 attack-window-zone elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"78f1dc1\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-64e8fe7 aw-attack-zone\" data-id=\"64e8fe7\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3d816e4 aw-attack-zone ha-has-bg-overlay elementor-widget elementor-widget-heading\" data-id=\"3d816e4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">ATTACKER'S 5-MONTH WINDOW<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-5b47400 elementor-widget elementor-widget-html\" data-id=\"5b47400\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<ul class=\"aw-left-col-timeline\">\n  <li class=\"aw-left-col-timeline-item\">\n    <div class=\"_1_wPcfxg\">\n      <div class=\"_2N8qvg4M\">\n        <h2 class=\"_30Ix8WH2\">2021 March<\/h2>\n        <p>Microsoft releases out-of-band patch to address multiple critical vulnerabilities within Microsoft Exchange<\/p><\/div>\n    <\/div>\n  <\/li>\n  <li class=\"aw-left-col-timeline-item\">\n    <div class=\"_1_wPcfxg\">\n      <div class=\"_2N8qvg4M\">\n        <h2 class=\"_30Ix8WH2\">2021 April<\/h2>\n\t\t  <p>Microsoft releases security updates for a second set of RCE vulnerabilities within Microsoft Exchange <\/p>\n      <\/div>\n    <\/div>\n  <\/li>\n\t<li class=\"aw-left-col-timeline-item\">\n    <div class=\"_1_wPcfxg\">\n      <div class=\"_2N8qvg4M\">\n        <h2 class=\"_30Ix8WH2\">2021 May - July<\/h2>\n        <p>These collections of vulnerabilities are dubbed ProxyShell, with bad actors leveraging three separate vulnerabilities as part of a single attack to bypass authentication and execute code <\/p><\/div>\n    <\/div>\n  <\/li>\n  <li class=\"aw-left-col-timeline-item\">\n    <div class=\"_1_wPcfxg\">\n      <div class=\"_2N8qvg4M\">\n        <h2 class=\"_30Ix8WH2\">2021 2nd, August<\/h2>\n        <p>Customer completes onboarding with Arctic Wolf<\/p><\/div>\n    <\/div>\n  <\/li>\n<\/ul>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-be2d142 elementor-section-height-min-height padding-control elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"be2d142\" data-element_type=\"section\" data-e-type=\"section\" id=\"awTimeline-Section-02\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0f78208\" data-id=\"0f78208\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8e2ffa7 elementor-absolute elementor-widget__width-auto aw-timestamp-fade elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-heading\" data-id=\"8e2ffa7\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;motion_fx_motion_fx_scrolling&quot;:&quot;yes&quot;,&quot;motion_fx_translateX_effect&quot;:&quot;yes&quot;,&quot;motion_fx_translateX_direction&quot;:&quot;negative&quot;,&quot;motion_fx_translateX_speed&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:1,&quot;sizes&quot;:[]},&quot;_position&quot;:&quot;absolute&quot;,&quot;motion_fx_devices&quot;:[&quot;desktop&quot;],&quot;motion_fx_translateX_affectedRange&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:{&quot;start&quot;:0,&quot;end&quot;:100}}}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\">17:00<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-090498a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"090498a\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-d750d1d\" data-id=\"d750d1d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b3bbd4d aw-has-interest-point elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"b3bbd4d\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:100}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><span class=\"aw-since-attack\">17:00<\/span> | Monday, 2 August<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a78b218 premium-header-block premium-header-inline premium-lq__none premium-box-lq__none elementor-invisible elementor-widget elementor-widget-premium-addon-dual-header\" data-id=\"a78b218\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:100}\" data-widget_type=\"premium-addon-dual-header.default\">\n\t\t\t\t\t\n\t\t<div class=\"elementor-widget-container\">\n\t\t<div class=\"premium-dual-header-wrapper\">\n\t\t\t\t\t<h2 class=\"premium-dual-header-first-header \"><span class=\"premium-dual-header-first-span\">Source: <\/span><span class=\"premium-dual-header-second-header \">Customer Onboarding<\/span><\/h2> \t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1f97241 elementor-invisible elementor-widget elementor-widget-html\" data-id=\"1f97241\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:300}\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p class=\"aw-active-icons-wrap text-align-left-mobile\">\n\t<img decoding=\"async\" alt=\"Arctic Wolf Attacker icon\" class=\"premium-flip-front-image aw-timeline-icon_attacker data-tippy-attacker data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-attacker-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Aurora Platform icon\" class=\"premium-flip-front-image aw-timeline-icon_platform data-tippy-platform_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-platform-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Customer icon\" class=\"premium-flip-front-image aw-timeline-icon_customer data-tippy-customer_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-customer-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Triage icon\" class=\"premium-flip-front-image aw-timeline-icon_triage data-tippy-triage_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-triage-icon_dark-230606.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf CST icon\" class=\"premium-flip-front-image aw-timeline-icon_cst data-tippy-cst_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-cst-icon_dark-230606.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-ec0716a column-pull-up-01 aw-timeline-columns-3 elementor-invisible\" data-id=\"ec0716a\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:300,&quot;animation_mobile&quot;:&quot;fadeInDown&quot;,&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-914a6ec hide-direction-mobile min-height-01 aw-has-interest-point hide-icon elementor-widget elementor-widget-ha-step-flow happy-addon ha-step-flow\" data-id=\"914a6ec\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"ha-step-flow.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\n\t\t<div class=\"ha-steps-icon\">\n\t\t\t\n\t\t\t\n\t\t\t\t\t<\/div>\n\n\t\t<h4 class=\"ha-steps-title\">5:23 am<\/h4>\n\t\t\t\t\t<p class=\"ha-step-description\"><span class='redacted data-tippy-redacted-customer'>[CUSTOMER]<\/span>  completes onboarding with Arctic Wolf five days prior with Service Delivery kicking off on Monday, August 2, 2021.<\/p>\n\t\t\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-a79cad8 elementor-section-height-min-height padding-control elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"a79cad8\" data-element_type=\"section\" data-e-type=\"section\" id=\"awTimeline-Section-03\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-698c7a6\" data-id=\"698c7a6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-5a6d8f2 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5a6d8f2\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-b1d9450 column-pull-up-01 aw-timeline-columns-3 elementor-invisible\" data-id=\"b1d9450\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:300,&quot;animation_mobile&quot;:&quot;fadeIn&quot;,&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3b1d77a hide-direction-mobile min-height-01 aw-has-interest-point hide-icon elementor-widget elementor-widget-ha-step-flow happy-addon ha-step-flow\" data-id=\"3b1d77a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"ha-step-flow.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\n\t\t<div class=\"ha-steps-icon\">\n\t\t\t\n\t\t\t\n\t\t\t\t\t<\/div>\n\n\t\t<h4 class=\"ha-steps-title\">5:23 am<\/h4>\n\t\t\t\t\t<p class=\"ha-step-description\">\n\tThe Arctic Wolf Agent observes<span class=\"aw-interest-point data-tippy-interest-point-02\">PowerShell<\/span>enumeration commands on <span class='redacted data-tippy-redacted-server'>[Exchange Server]<\/span> begins investigation into <span class='redacted data-tippy-redacted-user'>[User1]<\/span> activity.<\/p>\n\t\t\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c4e94a9 elementor-absolute elementor-widget__width-auto aw-timestamp-fade elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-heading\" data-id=\"c4e94a9\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;motion_fx_motion_fx_scrolling&quot;:&quot;yes&quot;,&quot;motion_fx_translateX_effect&quot;:&quot;yes&quot;,&quot;motion_fx_translateX_speed&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:1,&quot;sizes&quot;:[]},&quot;_position&quot;:&quot;absolute&quot;,&quot;motion_fx_devices&quot;:[&quot;desktop&quot;],&quot;motion_fx_translateX_affectedRange&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:{&quot;start&quot;:0,&quot;end&quot;:100}}}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\">19:27<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-785a630 elementor-invisible\" data-id=\"785a630\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:600,&quot;animation_mobile&quot;:&quot;fadeIn&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a51f123  hide aw-since-attack-tooltip on-the-right elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"a51f123\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:0}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\"><span>2 Hours And 27 Minutes Since Attack<\/span><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d35a941 aw-has-interest-point elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"d35a941\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:100}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><span class=\"aw-since-attack\">19:27<\/span> | Saturday, 7 August <\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6901085 premium-header-block premium-header-inline premium-lq__none premium-box-lq__none elementor-invisible elementor-widget elementor-widget-premium-addon-dual-header\" data-id=\"6901085\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:200}\" data-widget_type=\"premium-addon-dual-header.default\">\n\t\t\t\t\t\n\t\t<div class=\"elementor-widget-container\">\n\t\t<div class=\"premium-dual-header-wrapper\">\n\t\t\t\t\t<h2 class=\"premium-dual-header-first-header \"><span class=\"premium-dual-header-first-span\">Source: <\/span><span class=\"premium-dual-header-second-header \">Arctic Wolf Agent<\/span><\/h2> \t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-28cc225 elementor-invisible elementor-widget elementor-widget-html\" data-id=\"28cc225\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:300}\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p class=\"aw-active-icons-wrap text-align-right\">\n\t<img decoding=\"async\" alt=\"Arctic Wolf Attacker icon\" class=\"premium-flip-front-image aw-timeline-icon_attacker data-tippy-attacker_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-attacker-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Aurora Platform icon\" class=\"premium-flip-front-image aw-timeline-icon_platform data-tippy-platform data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-platform-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Customer icon\" class=\"premium-flip-front-image aw-timeline-icon_customer data-tippy-customer_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-customer-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Triage icon\" class=\"premium-flip-front-image aw-timeline-icon_triage data-tippy-triage_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-triage-icon_dark-230606.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf CST icon\" class=\"premium-flip-front-image aw-timeline-icon_cst data-tippy-cst_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-cst-icon_dark-230606.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-f68dc11 elementor-section-height-min-height padding-control elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"f68dc11\" data-element_type=\"section\" data-e-type=\"section\" id=\"awTimeline-Section-04\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ca8d6cd elementor-invisible\" data-id=\"ca8d6cd\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:100}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-04d3027 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"04d3027\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-558ac93 column-pull-up-01 aw-timeline-columns-3 elementor-invisible\" data-id=\"558ac93\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:300,&quot;animation_mobile&quot;:&quot;fadeIn&quot;,&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-51cbb40 hide-direction-mobile min-height-01 aw-has-interest-point hide-icon elementor-widget elementor-widget-ha-step-flow happy-addon ha-step-flow\" data-id=\"51cbb40\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"ha-step-flow.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\n\t\t<div class=\"ha-steps-icon\">\n\t\t\t\n\t\t\t\n\t\t\t\t\t<\/div>\n\n\t\t<h4 class=\"ha-steps-title\">5:23 am<\/h4>\n\t\t\t\t\t<p class=\"ha-step-description\">The Arctic Wolf Triage Team begins investigation and confirms enumeration commands are suspicious, possible\n<span class=\"aw-interest-point data-tippy-interest-point-04\"> Ryuk <\/span> Triage Team creates ticket and contacts <span class='redacted data-tippy-redacted-customer'>[customer]<\/span> .<\/p>\n\t\t\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-2e5bde5\" data-id=\"2e5bde5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d059fd5  hide aw-since-attack-tooltip on-the-left elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"d059fd5\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:0}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\"><span>2 Minutes Since Initial Activity<\/span><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-28dfe5a aw-has-interest-point elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"28dfe5a\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:100}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><span class=\"aw-since-attack\">19:29 - 19:47<\/span> | Saturday, 7 August<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3776279 premium-header-block premium-header-inline premium-lq__none premium-box-lq__none elementor-invisible elementor-widget elementor-widget-premium-addon-dual-header\" data-id=\"3776279\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:200}\" data-widget_type=\"premium-addon-dual-header.default\">\n\t\t\t\t\t\n\t\t<div class=\"elementor-widget-container\">\n\t\t<div class=\"premium-dual-header-wrapper\">\n\t\t\t\t\t<h2 class=\"premium-dual-header-first-header \"><span class=\"premium-dual-header-first-span\">Arctic Wolf Triage Team: <\/span><span class=\"premium-dual-header-second-header \">Investigation Begins<\/span><\/h2> \t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a402897 elementor-invisible elementor-widget elementor-widget-html\" data-id=\"a402897\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:300}\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p class=\"aw-active-icons-wrap text-align-left-mobile\">\n\t<img decoding=\"async\" alt=\"Arctic Wolf Attacker icon\" class=\"premium-flip-front-image aw-timeline-icon_attacker data-tippy-attacker_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-attacker-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Platform icon\" class=\"premium-flip-front-image aw-timeline-icon_platform data-tippy-platform data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-platform-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Customer icon\" class=\"premium-flip-front-image aw-timeline-icon_customer data-tippy-customer_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-customer-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Triage icon\" class=\"premium-flip-front-image aw-timeline-icon_triage data-tippy-triage_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-triage-icon_dark-230606.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf CST icon\" class=\"premium-flip-front-image aw-timeline-icon_cst data-tippy-cst_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-cst-icon_dark-230606.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-1d3caf1 elementor-absolute elementor-widget__width-auto aw-timestamp-fade elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-heading\" data-id=\"1d3caf1\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;motion_fx_motion_fx_scrolling&quot;:&quot;yes&quot;,&quot;motion_fx_translateX_effect&quot;:&quot;yes&quot;,&quot;motion_fx_translateX_direction&quot;:&quot;negative&quot;,&quot;motion_fx_translateX_speed&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:1,&quot;sizes&quot;:[]},&quot;_position&quot;:&quot;absolute&quot;,&quot;motion_fx_devices&quot;:[&quot;desktop&quot;],&quot;motion_fx_translateX_affectedRange&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:{&quot;start&quot;:0,&quot;end&quot;:100}}}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\">19:29 - 19:47<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-c00355c elementor-section-height-min-height padding-control elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"c00355c\" data-element_type=\"section\" data-e-type=\"section\" id=\"awTimeline-Section-05\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-edecf22\" data-id=\"edecf22\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-f0fd17b elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"f0fd17b\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-709962d\" data-id=\"709962d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5dd365b elementor-absolute elementor-widget__width-auto aw-timestamp-fade elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-heading\" data-id=\"5dd365b\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;motion_fx_motion_fx_scrolling&quot;:&quot;yes&quot;,&quot;motion_fx_translateX_effect&quot;:&quot;yes&quot;,&quot;motion_fx_translateX_direction&quot;:&quot;negative&quot;,&quot;motion_fx_translateX_speed&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:1,&quot;sizes&quot;:[]},&quot;_position&quot;:&quot;absolute&quot;,&quot;motion_fx_devices&quot;:[&quot;desktop&quot;],&quot;motion_fx_translateX_affectedRange&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:{&quot;start&quot;:0,&quot;end&quot;:100}}}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\">19:50<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-58bb10e  hide aw-since-attack-tooltip on-the-left elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"58bb10e\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:0}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\"><span>2 Hours And 50 Minutes Since Attack<\/span><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-476ab88 aw-has-interest-point elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"476ab88\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:100}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><span class=\"aw-since-attack\">19:50<\/span> | Saturday, 7 August<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a6875b7 premium-header-block aw-has-interest-point aw-interest-point-font-control premium-header-inline premium-lq__none premium-box-lq__none elementor-invisible elementor-widget elementor-widget-premium-addon-dual-header\" data-id=\"a6875b7\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:200}\" data-widget_type=\"premium-addon-dual-header.default\">\n\t\t\t\t\t\n\t\t<div class=\"elementor-widget-container\">\n\t\t<div class=\"premium-dual-header-wrapper\">\n\t\t\t\t\t<h2 class=\"premium-dual-header-first-header \"><span class=\"premium-dual-header-first-span\">Monitoring Continues: <\/span><span class=\"premium-dual-header-second-header \">Arctic Wolf Aurora<sup style=\"line-height:0px\">\u2122<\/sup> Platform<\/span><\/h2> \t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-334c41a elementor-invisible elementor-widget elementor-widget-html\" data-id=\"334c41a\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:300}\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p class=\"aw-active-icons-wrap text-align-left-mobile\">\n\t<img decoding=\"async\" alt=\"Arctic Wolf Attacker icon\" class=\"premium-flip-front-image aw-timeline-icon_attacker data-tippy-attacker_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-attacker-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Platform icon\" class=\"premium-flip-front-image aw-timeline-icon_platform data-tippy-platform_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-platform-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\n\t<img decoding=\"async\" alt=\"Arctic Wolf Customer icon\" class=\"ppremium-flip-front-image aw-timeline-icon_platform data-tippy-platform_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-customer-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Triage icon\" class=\"premium-flip-front-image aw-timeline-icon_triage data-tippy-triage data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-triage-icon_dark-230606.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf CST icon\" class=\"premium-flip-front-image aw-timeline-icon_cst data-tippy-cst_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-cst-icon_dark-230606.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t\n<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-761ff9c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"761ff9c\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-dcaaab3 column-pull-up-01 aw-timeline-columns-3 elementor-invisible\" data-id=\"dcaaab3\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:300,&quot;animation_mobile&quot;:&quot;fadeIn&quot;,&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e50eec9 hide-direction-mobile min-height-01 aw-has-interest-point hide-icon elementor-widget elementor-widget-ha-step-flow happy-addon ha-step-flow\" data-id=\"e50eec9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"ha-step-flow.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\n\t\t<div class=\"ha-steps-icon\">\n\t\t\t\n\t\t\t\n\t\t\t\t\t<\/div>\n\n\t\t<h4 class=\"ha-steps-title\">5:23 am<\/h4>\n\t\t\t\t\t<p class=\"ha-step-description\">Source: Arctic Wolf Agent\n<span class=\"aw-interest-point data-tippy-interest-point-05\"> SVN.exe<\/span> dropped to <span class='redacted data-tippy-redacted-customer'>[customer]<\/span> PowerShell Command \u201csvn.exe\u2013connect 135.181.x.x:443 \u2013Pass Pasword123\u201d\n\t<\/p>\n\t\t\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-df388dc elementor-invisible\" data-id=\"df388dc\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:600,&quot;animation_mobile&quot;:&quot;fadeIn&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c85dcfe elementor-widget elementor-widget-heading\" data-id=\"c85dcfe\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Log Source: Arctic Wolf Sensor<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9e76bf1 elementor-widget elementor-widget-text-editor\" data-id=\"9e76bf1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>IP 135.181.x.x associated with C2 server in Finland<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-b93708d elementor-section-height-min-height padding-control elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"b93708d\" data-element_type=\"section\" data-e-type=\"section\" id=\"awTimeline-Section-06\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a47bc4a\" data-id=\"a47bc4a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-5114ac9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5114ac9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-079a81e\" data-id=\"079a81e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-acd2a5f  hide aw-since-attack-tooltip on-the-right elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"acd2a5f\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:0}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\"><span>3 Hours And 9 Minutes Since Attack<\/span><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a890b20 aw-has-interest-point elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"a890b20\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:100}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><span class=\"aw-since-attack\">20:08 | Saturday, 7 August<\/span> <\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f79c5de premium-header-block premium-header-inline premium-lq__none premium-box-lq__none elementor-invisible elementor-widget elementor-widget-premium-addon-dual-header\" data-id=\"f79c5de\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:200}\" data-widget_type=\"premium-addon-dual-header.default\">\n\t\t\t\t\t\n\t\t<div class=\"elementor-widget-container\">\n\t\t<div class=\"premium-dual-header-wrapper\">\n\t\t\t\t\t<h2 class=\"premium-dual-header-first-header \"><span class=\"premium-dual-header-first-span\">Source: <\/span><span class=\"premium-dual-header-second-header \">Arctic Wolf Agent<\/span><\/h2> \t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1ecd168 elementor-invisible elementor-widget elementor-widget-html\" data-id=\"1ecd168\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:300}\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p class=\"aw-active-icons-wrap text-align-right\">\n\t<img decoding=\"async\" alt=\"Arctic Wolf Attacker icon\" class=\"premium-flip-front-image aw-timeline-icon_attacker data-tippy-attacker_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-attacker-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Aurora Platform icon\" class=\"premium-flip-front-image aw-timeline-icon_platform data-tippy-platform data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-platform-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Customer icon\" class=\"premium-flip-front-image aw-timeline-icon_customer data-tippy-customer_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-customer-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Triage icon\" class=\"premium-flip-front-image aw-timeline-icon_triage data-tippy-triage_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-triage-icon_dark-230606.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf CST icon\" class=\"premium-flip-front-image aw-timeline-icon_cst data-tippy-cst_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-cst-icon_dark-230606.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-655af11 aw-has-interest-point elementor-invisible\" data-id=\"655af11\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:400,&quot;animation_mobile&quot;:&quot;fadeIn&quot;,&quot;background_background&quot;:&quot;gradient&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6ef28e2 elementor-absolute elementor-widget__width-auto aw-timestamp-fade elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-heading\" data-id=\"6ef28e2\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;motion_fx_motion_fx_scrolling&quot;:&quot;yes&quot;,&quot;motion_fx_translateX_effect&quot;:&quot;yes&quot;,&quot;motion_fx_translateX_direction&quot;:&quot;negative&quot;,&quot;motion_fx_translateX_speed&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:1,&quot;sizes&quot;:[]},&quot;_position&quot;:&quot;absolute&quot;,&quot;motion_fx_devices&quot;:[&quot;desktop&quot;],&quot;motion_fx_translateX_affectedRange&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:{&quot;start&quot;:0,&quot;end&quot;:100}}}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\">20:08 <\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-64470ed elementor-invisible elementor-widget elementor-widget-text-editor\" data-id=\"64470ed\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<span class=\"redacted data-tippy-redacted-user\">[User1]<\/span> added to <span class=\"redacted data-tippy-redacted-server\">[Exchange Server]<\/span> local Administrators Group. Credentials to local <span class=\"redacted data-tippy-redacted-admin\">[Admin]<\/span> account were reset.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-a329580 elementor-section-height-min-height padding-control elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"a329580\" data-element_type=\"section\" data-e-type=\"section\" id=\"awTimeline-Section-07\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-859e6dc\" data-id=\"859e6dc\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-d4d905e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d4d905e\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-ef8c817\" data-id=\"ef8c817\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-efd529a hide aw-since-attack-tooltip on-the-left elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"efd529a\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:0}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\"><span>3 Hours And 9 Minutes Since Attack<\/span><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-38734c7 aw-has-interest-point aw-interest-point-font-control elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"38734c7\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><span class=\"aw-since-attack\">20:09 | Saturday, 7 August <\/span> <\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9228728 premium-header-block premium-header-inline premium-lq__none premium-box-lq__none elementor-invisible elementor-widget elementor-widget-premium-addon-dual-header\" data-id=\"9228728\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:200}\" data-widget_type=\"premium-addon-dual-header.default\">\n\t\t\t\t\t\n\t\t<div class=\"elementor-widget-container\">\n\t\t<div class=\"premium-dual-header-wrapper\">\n\t\t\t\t\t<h2 class=\"premium-dual-header-first-header \"><span class=\"premium-dual-header-first-span\">Source: <\/span><span class=\"premium-dual-header-second-header \">SentinelOne \/ Arctic Wolf Agent<\/span><\/h2> \t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2b53810 elementor-invisible elementor-widget elementor-widget-html\" data-id=\"2b53810\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:300}\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p class=\"aw-active-icons-wrap text-align-left-mobile\">\n\t<img decoding=\"async\" alt=\"Arctic Wolf Attacker icon\" class=\"premium-flip-front-image aw-timeline-icon_attacker data-tippy-attacker_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-attacker-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Aurora Platform icon\" class=\"premium-flip-front-image aw-timeline-icon_platform data-tippy-platform data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-platform-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Customer icon\" class=\"premium-flip-front-image aw-timeline-icon_customer data-tippy-customer data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-customer-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Triage icon\" class=\"premium-flip-front-image aw-timeline-icon_triage data-tippy-triage_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-triage-icon_dark-230606.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf CST icon\" class=\"premium-flip-front-image aw-timeline-icon_cst data-tippy-cst_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-cst-icon_dark-230606.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-c80d86e aw-has-interest-point elementor-invisible\" data-id=\"c80d86e\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:100}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9d6bdaf elementor-absolute elementor-widget__width-auto aw-timestamp-fade elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-heading\" data-id=\"9d6bdaf\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;motion_fx_motion_fx_scrolling&quot;:&quot;yes&quot;,&quot;motion_fx_translateX_effect&quot;:&quot;yes&quot;,&quot;motion_fx_translateX_direction&quot;:&quot;negative&quot;,&quot;motion_fx_translateX_speed&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:1,&quot;sizes&quot;:[]},&quot;_position&quot;:&quot;absolute&quot;,&quot;motion_fx_devices&quot;:[&quot;desktop&quot;],&quot;motion_fx_translateX_affectedRange&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:{&quot;start&quot;:0,&quot;end&quot;:100}}}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\">20:09 <\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-4da2ea3 elementor-section-height-min-height elementor-section-boxed elementor-section-height-default\" data-id=\"4da2ea3\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-7772db4\" data-id=\"7772db4\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4a33aae elementor-invisible elementor-widget elementor-widget-text-editor\" data-id=\"4a33aae\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tAttempted lateral movement using <span class=\"redacted data-tippy-redacted-user\">[User1]<\/span> to <span class=\"redacted data-tippy-redacted-device\">[Device 1]<\/span> , <span class=\"redacted data-tippy-redacted-device\">[Device 2]<\/span> . <span class=\"redacted data-tippy-redacted-customer\">[Customer]<\/span> <span class=\"aw-interest-point data-tippy-interest-point-06\"> offline <\/span> <span class=\"redacted data-tippy-redacted-customer\">[Customer]<\/span> satisfied with containment for the moment.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-c1fe791 elementor-section-height-min-height padding-control elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"c1fe791\" data-element_type=\"section\" data-e-type=\"section\" id=\"awTimeline-Section-08\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-70e84b6\" data-id=\"70e84b6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-08663f7 elementor-section-boxed elementor-section-height-default elementor-section-height-default elementor-invisible\" data-id=\"08663f7\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:100,&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-b362859 aw-post-incident-zone\" data-id=\"b362859\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1f6afd4 elementor-widget elementor-widget-heading\" data-id=\"1f6afd4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\">Begin Post-Incident Zone<\/h5>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-6cf9518 fade-gradient-blue elementor-section-boxed elementor-section-height-default elementor-section-height-default elementor-invisible\" data-id=\"6cf9518\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;gradient&quot;,&quot;animation&quot;:&quot;fadeInUp&quot;,&quot;animation_delay&quot;:100,&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-30189c8\" data-id=\"30189c8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-44d620d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"44d620d\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-5104ba6 aw-has-interest-point\" data-id=\"5104ba6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8059b12 elementor-absolute elementor-widget__width-auto aw-timestamp-fade elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-heading\" data-id=\"8059b12\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;motion_fx_motion_fx_scrolling&quot;:&quot;yes&quot;,&quot;motion_fx_translateX_effect&quot;:&quot;yes&quot;,&quot;motion_fx_translateX_speed&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:1,&quot;sizes&quot;:[]},&quot;_position&quot;:&quot;absolute&quot;,&quot;motion_fx_devices&quot;:[&quot;desktop&quot;],&quot;motion_fx_translateX_affectedRange&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:{&quot;start&quot;:0,&quot;end&quot;:100}}}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\">9:00<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2aa205f hide on-the-center aw-since-attack-tooltip elementor-widget elementor-widget-heading\" data-id=\"2aa205f\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;none&quot;,&quot;_animation_delay&quot;:600}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\"><span>Less than 30 Minutes Since Attack<\/span><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ff5acca aw-has-interest-point elementor-widget elementor-widget-heading\" data-id=\"ff5acca\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><span class=\"aw-since-attack\">9:00 | Monday, August<\/span><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-af5716f premium-header-block aw-has-interest-point aw-interest-point-font-control premium-header-inline premium-lq__none premium-box-lq__none elementor-widget elementor-widget-premium-addon-dual-header\" data-id=\"af5716f\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;none&quot;,&quot;_animation_delay&quot;:100}\" data-widget_type=\"premium-addon-dual-header.default\">\n\t\t\t\t\t\n\t\t<div class=\"elementor-widget-container\">\n\t\t<div class=\"premium-dual-header-wrapper\">\n\t\t\t\t\t<h2 class=\"premium-dual-header-first-header \"><span class=\"premium-dual-header-first-span\">Remediation <\/span><\/h2> \t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-55b2540 elementor-widget elementor-widget-html\" data-id=\"55b2540\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;none&quot;,&quot;_animation_delay&quot;:300}\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p class=\"aw-active-icons-wrap text-align-center\">\n\t<img decoding=\"async\" alt=\"Arctic Wolf Attacker icon\" class=\"premium-flip-front-image aw-timeline-icon_attacker data-tippy-attacker_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-attacker-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Platform icon\" class=\"premium-flip-front-image aw-timeline-icon_platform data-tippy-platform_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-platform-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Customer icon\" class=\"premium-flip-front-image aw-timeline-icon_customer data-tippy-customer_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-customer-icon_dark-210706.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf Triage icon\" class=\"premium-flip-front-image aw-timeline-icon_triage data-tippy-triage_inactive data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-triage-icon_dark-230606.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n\t\n\t<img decoding=\"async\" alt=\"Arctic Wolf CST icon\" class=\"premium-flip-front-image aw-timeline-icon_cst data-tippy-cst data-tippy-styles lazyload\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2023\/06\/aw-timeline-cst-icon_dark-230606.png\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 185px; --smush-placeholder-aspect-ratio: 185\/185;\">\n<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c5c1807 aw-has-interest-point elementor-widget elementor-widget-heading\" data-id=\"c5c1807\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Arctic Wolf sets up virtual call with <span class=\"redacted data-tippy-redacted-customer\">[CUSTOMER]<\/span> to step through the remediation process.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-d7b4ea8 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d7b4ea8\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-1c64881\" data-id=\"1c64881\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-eae2144 elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-invisible elementor-widget elementor-widget-icon-box\" data-id=\"eae2144\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h4 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\tDelete SVN.exe \t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h4>\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-becf949 elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-invisible elementor-widget elementor-widget-icon-box\" data-id=\"becf949\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h4 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\tDelete <span class=\"redacted data-tippy-redacted-user\">[User1]<\/span> account and reset <span class=\"redacted data-tippy-redacted-admin\">[Admin]<\/span> account\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h4>\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5e00421 elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-invisible elementor-widget elementor-widget-icon-box\" data-id=\"5e00421\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h4 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\tReset credentials for any cached users on <span class=\"redacted data-tippy-redacted-server\">[Exchange Server]<\/span> \t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h4>\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8ce648d elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-invisible elementor-widget elementor-widget-icon-box\" data-id=\"8ce648d\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h4 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\tReset any domain credentials that accessed the server after Saturday, August 7\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h4>\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-78e84b5 elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-invisible elementor-widget elementor-widget-icon-box\" data-id=\"78e84b5\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h4 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\tImplement firewall blocking rules\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h4>\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-50ab534 elementor-widget elementor-widget-heading\" data-id=\"50ab534\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Next, the security <span class=\"gr-text-aurora\">journey continues<\/span><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-2e47e0a aw-timeline-nav__wrapper  elementor-section-boxed elementor-section-height-default elementor-section-height-default elementor-invisible\" data-id=\"2e47e0a\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;animation&quot;:&quot;fadeInUp&quot;,&quot;animation_delay&quot;:600,&quot;background_background&quot;:&quot;gradient&quot;,&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-116e830\" data-id=\"116e830\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8508577 aw-timeline-events-header animated-slow elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"8508577\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeIn&quot;,&quot;_animation_delay&quot;:1300}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h6 class=\"elementor-heading-title elementor-size-default\"><span class=\"gr-text\">Attack Timeline:<\/span><\/h6>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7d09f5d elementor-widget elementor-widget-html\" data-id=\"7d09f5d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\n    <nav id=\"aw-vert-timeline-nav\">\n      <ul class=\"nav\">\n\n        <li>\n          <a href=\"#awTimeline-Section-01\" class=\"smoothScroll\">\n            <span class=\"aw-timeline-nav__counter\">17:00<\/span>\n            <h3 class=\"aw-timeline-nav__title\">Onboarding<\/h3>\n\t\t\t<p class=\"aw-timeline-nav__body\"><i class=\"fas fa-arrow-right\"><\/i> Service Delivery<\/p>\n          <\/a>\n        <\/li>\n\n        <li>\n          <a href=\"#awTimeline-Section-02\" class=\"smoothScroll\">\n            <span class=\"aw-timeline-nav__counter\">19:27<\/span>\n            <h3 class=\"aw-timeline-nav__title\">Detection<\/h3>\n\t\t\t<p class=\"aw-timeline-nav__body\"><i class=\"fas fa-arrow-right\"><\/i>Point of Attack<\/p>\n          <\/a>\n        <\/li>\n\n        <li>\n          <a href=\"#awTimeline-Section-03\" class=\"smoothScroll\">\n            <span class=\"aw-timeline-nav__counter\">19:29-19:47<\/span>\n            <h3 class=\"aw-timeline-nav__title\">Investigation<\/h3>\n\t\t\t<p class=\"aw-timeline-nav__body\"><i class=\"fas fa-arrow-right\"><\/i>2 minutes since attack<\/p>\n          <\/a>\n        <\/li>\n        \n        <li>\n          <a href=\"#awTimeline-Section-04\" class=\"smoothScroll\">\n            <span class=\"aw-timeline-nav__counter\">19:50<\/span>\n            <h3 class=\"aw-timeline-nav__title\">Aurora Platform<sup style=\"line-height: 0px;\">TM<\/sup><\/h3>\n\t\t\t<p class=\"aw-timeline-nav__body\"><i class=\"fas fa-arrow-right\"><\/i>23 mins since attack<\/p>\n          <\/a>\n        <\/li>\n        \n        <li>\n          <a href=\"#awTimeline-Section-05\" class=\"smoothScroll\">\n            <span class=\"aw-timeline-nav__counter\">20:08<\/span>\n            <h3 class=\"aw-timeline-nav__title\">Escalation<\/h3>\n\t\t\t<p class=\"aw-timeline-nav__body\"><i class=\"fas fa-arrow-right\"><\/i> Triage Takes Action <\/p>\n          <\/a>\n        <\/li>\n\t\t  \n\t\t  <li>\n          <a href=\"#awTimeline-Section-06\" class=\"smoothScroll\">\n            <span class=\"aw-timeline-nav__counter\">20:09<\/span>\n            <h3 class=\"aw-timeline-nav__title\">Containment<\/h3>\n\t\t\t<p class=\"aw-timeline-nav__body\"><i class=\"fas fa-arrow-right\"><\/i>42 minutes since attack<\/p>\n          <\/a>\n        <\/li>\n\t\t  \n\t\t  <li>\n          <a href=\"#awTimeline-Section-07\" class=\"smoothScroll\">\n            <span class=\"aw-timeline-nav__counter\">9:00<\/span>\n            <h3 class=\"aw-timeline-nav__title\">Remediation<\/h3>\n\t\t\t<p class=\"aw-timeline-nav__body\"><i class=\"fas fa-arrow-right\"><\/i> Ongoing Investigations<\/p>\n          <\/a>\n        <\/li>\n        \n        <li>\n          <a href=\"#awTimeline-Section-08\" class=\"smoothScroll\">\n            <span class=\"aw-timeline-nav__counter\">9:00<button id=\"aw-confetti\" class=\"confetti-button\"><i aria-hidden=\"true\" class=\"fas fa-flag-checkered\"><\/i> Skip to Resolution<\/button><\/span>\n            <h3 class=\"aw-timeline-nav__title\">Post-Inncident<\/h3>\n\t\t\t<p class=\"aw-timeline-nav__body\"><i class=\"fas fa-arrow-right\"><\/i>Call with Customer<\/p>\n          <\/a>\n        <\/li>\n\n      <\/ul>\n    <\/nav>\n    \n    <script>\n           let button = document.getElementById(\"aw-confetti\");\n\n    button.addEventListener('click', (e) => {\n        e.preventDefault;\n        e.target.classList.toggle(\"animate\");\n\n        setTimeout(function () {\n            e.target.classList.remove('animate');\n        }, 700);\n    }, false);\n    <\/script>\n    \n    <style>\n.confetti-button {\n    display: block;\n    font-size: 20px;\n    padding:0px !important;\n    padding-top:5px !important;\n    appearance: none;\n    background-color: transparent !important;\n    color: #fff;\n    border-radius: 0px;\n    border: none;\n    cursor: pointer;\n    position: relative;\n    transition: transform ease-in 0.1s, box-shadow ease-in 0.25s;\n    box-shadow:none;\n    text-transform: uppercase;\n}\n.active button#aw-confetti {\n    height: 0px;\n    padding: 0px !important;\n    overflow: hidden;\n}\n\n.confetti-button:focus {\n    outline: 0;\n}\n\n.confetti-button:before, .confetti-button:after {\n    position: absolute;\n    content: '';\n    display: block;\n    width: 140%;\n    height: 100%;\n    left: -20%;\n    z-index: -1000;\n    transition: all ease-in-out 0.5s;\n    background-repeat: no-repeat;\n}\n\n.confetti-button:before {\n    display: none;\n    top: -75%;\n    background-image: radial-gradient(circle, #ffffff 20%, transparent 20%),\n    radial-gradient(circle, transparent 20%, #ffffff 20%, transparent 30%),\n    radial-gradient(circle, #ffffff 20%, transparent 20%),\n    radial-gradient(circle, #ffffff 20%, transparent 20%),\n    radial-gradient(circle, transparent 10%, #ffffff 15%, transparent 20%),\n    radial-gradient(circle, #ffffff 20%, transparent 20%),\n    radial-gradient(circle, #ffffff 20%, transparent 20%),\n    radial-gradient(circle, #ffffff 20%, transparent 20%),\n    radial-gradient(circle, #ffffff 20%, transparent 20%);\n    background-size: 10% 10%,\n    20% 20%,\n    15% 15%,\n    20% 20%,\n    18% 18%,\n    10% 10%,\n    15% 15%,\n    10% 10%,\n    18% 18%;\n}\n\n.confetti-button:after {\n    display: none;\n    bottom: -75%;\n    background-image: radial-gradient(circle, #ffffff 20%, transparent 20%),\n    radial-gradient(circle, #ffffff 20%, transparent 20%),\n    radial-gradient(circle, transparent 10%, #ffffff 15%, transparent 20%),\n    radial-gradient(circle, #ffffff 20%, transparent 20%),\n    radial-gradient(circle, #ffffff 20%, transparent 20%),\n    radial-gradient(circle, #ffffff 20%, transparent 20%),\n    radial-gradient(circle, #ffffff 20%, transparent 20%);\n    background-size: 15% 15%,\n    20% 20%,\n    18% 18%,\n    20% 20%,\n    15% 15%,\n    10% 10%,\n    20% 20%;\n}\n\n.confetti-button:active {\n    transform: scale(0.9);\n    background-color: transparent;\n    box-shadow: 0 2px 25px rgba(255, 215, 52, 0.2);\n}\n\n.confetti-button.animate:before {\n    display: block;\n    animation: topBubbles ease-in-out 0.75s forwards;\n}\n\n.confetti-button.animate:after {\n    display: block;\n    animation: bottomBubbles ease-in-out 0.75s forwards;\n}\n\n@keyframes topBubbles {\n    0% {\n        background-position: 5% 90%,\n        10% 90%,\n        10% 90%,\n        15% 90%,\n        25% 90%,\n        25% 90%,\n        40% 90%,\n        55% 90%,\n        70% 90%;\n    }\n    50% {\n        background-position: 0 80%,\n        0 20%,\n        10% 40%,\n        20% 0,\n        30% 30%,\n        22% 50%,\n        50% 50%,\n        65% 20%,\n        90% 30%;\n    }\n    100% {\n        background-position: 0 70%,\n        0 10%,\n        10% 30%,\n        20% -10%,\n        30% 20%,\n        22% 40%,\n        50% 40%,\n        65% 10%,\n        90% 20%;\n        background-size: 0 0,\n        0 0,\n        0 0,\n        0 0,\n        0 0,\n        0 0;\n    }\n}\n\n@keyframes bottomBubbles {\n    0% {\n        background-position: 10% -10%,\n        30% 10%,\n        55% -10%,\n        70% -10%,\n        85% -10%,\n        70% -10%,\n        70% 0;\n    }\n    50% {\n        background-position: 0 80%,\n        20% 80%,\n        45% 60%,\n        60% 100%,\n        75% 70%,\n        95% 60%,\n        105% 0;\n    }\n    100% {\n        background-position: 0 90%,\n        20% 90%,\n        45% 70%,\n        60% 110%,\n        75% 80%,\n        95% 70%,\n        110% 10%;\n        background-size: 0 0,\n        0 0,\n        0 0,\n        0 0,\n        0 0,\n        0 0;\n    }\n}\n    <\/style>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-260e7df elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"260e7df\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;,&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ab7fcc5\" data-id=\"ab7fcc5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1d48952 aw-zone-hide-signal elementor-invisible elementor-widget elementor-widget-image\" data-id=\"1d48952\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"\/how-it-works\/concierge-delivery-model\/\" target=\"_blank\">\n\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"852\" src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2024\/11\/cst-icon-1024x852.png\" class=\"attachment-large size-large wp-image-114052\" alt=\"\" srcset=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2024\/11\/cst-icon-1024x852.png 1024w, https:\/\/arcticwolf.com\/wp-content\/uploads\/2024\/11\/cst-icon-300x250.png 300w, https:\/\/arcticwolf.com\/wp-content\/uploads\/2024\/11\/cst-icon.png 1097w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1933d75 premium-header-block aw-zone-hide-trigger premium-lq__none premium-box-lq__none elementor-invisible elementor-widget elementor-widget-premium-addon-dual-header\" data-id=\"1933d75\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_mobile&quot;:&quot;none&quot;,&quot;_animation_tablet&quot;:&quot;none&quot;,&quot;_animation_delay&quot;:100}\" data-widget_type=\"premium-addon-dual-header.default\">\n\t\t\t\t\t\n\t\t<div class=\"elementor-widget-container\">\n\t\t<div class=\"premium-dual-header-wrapper\">\n\t\t\t\t\t<h2 class=\"premium-dual-header-first-header \"><span class=\"premium-dual-header-first-span\"><span class=\"gr-text-grey\">Security journey<\/span> <\/span><\/h2> \t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-74125ce elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"74125ce\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:200}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">with our <span class=\"gr-text-aurora\">concierge security<sup style=\"line-height:0px\">\u00ae<\/sup>team<\/span>\n<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-92d533f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"92d533f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-c1e7be4 aw-has-interest-point\" data-id=\"c1e7be4\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c6b4f92 aw-has-interest-point elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"c6b4f92\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Although many managed detection and response services would end once the threat was remediated, the <span class=\"aw-interest-point data-tippy-interest-point-09\">Concierge Security<sup style=\"line-height:0px\">\u00ae<\/sup> Team<\/span> is focused on using this attack to improve the security posture of the customer.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-d1f21ba elementor-section-height-min-height elementor-section-boxed elementor-section-height-default\" data-id=\"d1f21ba\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-3c372c5\" data-id=\"3c372c5\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-69f13b0 aw-has-interest-point elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"69f13b0\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">The Arctic Wolf Concierge Security Team provides your team with coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-67688c6 elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-invisible elementor-widget elementor-widget-icon-box\" data-id=\"67688c6\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h4 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\tArctic Wolf CST initiates vulnerability scan on <span class=\"redacted data-tippy-redacted-user\">[User1]<\/span> account and reset <span class=\"redacted data-tippy-redacted-server\">[Exchange Server]<\/span>. The scan identifies missing critical patches dating back 6+ months, including zero-days.\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h4>\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3c4aa46 elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-invisible elementor-widget elementor-widget-icon-box\" data-id=\"3c4aa46\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h4 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\t <span class=\"redacted data-tippy-redacted-customer\">[Customer]<\/span> confirms their third-party patching tool is malfunctioning.\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h4>\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c0fad33 elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-invisible elementor-widget elementor-widget-icon-box\" data-id=\"c0fad33\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h4 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\t Arctic Wolf CST delivers script to identify Exchange\u202fbreaches prior to Arctic Wolf onboarding, and the script identifies Backdoor:ASP\/Buonpower.A!dha.\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h4>\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6d0ddf2 elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-invisible elementor-widget elementor-widget-icon-box\" data-id=\"6d0ddf2\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h4 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\t Pre-existing webshell is removed.\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h4>\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f9551ca elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-invisible elementor-widget elementor-widget-icon-box\" data-id=\"f9551ca\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h4 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\tMulti-factor authentication (MFA) for VPN and Office 365 enabled.\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h4>\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b5159c4 elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-invisible elementor-widget elementor-widget-icon-box\" data-id=\"b5159c4\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h4 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\t GPO to prevent enumeration created.\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h4>\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-cf2da1a elementor-section-stretched industry-attacks elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cf2da1a\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;stretch_section&quot;:&quot;section-stretched&quot;,&quot;background_background&quot;:&quot;classic&quot;,&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-aeca58f elementor-invisible\" data-id=\"aeca58f\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeInUp&quot;,&quot;animation_delay&quot;:600}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-7fd6323 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7fd6323\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;,&quot;animation&quot;:&quot;none&quot;,&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-b3241ac\" data-id=\"b3241ac\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1c6b45a premium-header-inline premium-lq__none elementor-invisible elementor-widget elementor-widget-premium-addon-dual-header\" data-id=\"1c6b45a\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"premium-addon-dual-header.default\">\n\t\t\t\t\t\n\t\t<div class=\"elementor-widget-container\">\n\t\t<div class=\"premium-dual-header-wrapper\">\n\t\t\t\t\t<h2 class=\"premium-dual-header-first-header \"><span class=\"premium-dual-header-first-span\">Arctic Wolf prioritises keeping our customers and the general public informed of new vulnerabilities and security risks. <\/span><\/h2> \t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e1bb829 elementor-align-center elementor-tablet-align-center elementor-mobile-align-center elementor-invisible elementor-widget elementor-widget-button\" data-id=\"e1bb829\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:600,&quot;_animation_mobile&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"\/uk\/resources\/tag\/security-bulletins\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">View Our always up-to-date Security Bulletins.<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-bdd52c9 elementor-section-stretched industry-attacks elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"bdd52c9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;stretch_section&quot;:&quot;section-stretched&quot;,&quot;background_background&quot;:&quot;gradient&quot;,&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ba91c62\" data-id=\"ba91c62\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-fae6f5f elementor-section-boxed elementor-section-height-default elementor-section-height-default elementor-invisible\" data-id=\"fae6f5f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;animation&quot;:&quot;fadeInUp&quot;,&quot;animation_delay&quot;:100,&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-5ce12a3\" data-id=\"5ce12a3\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2d3eb91 elementor-widget elementor-widget-heading\" data-id=\"2d3eb91\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Real-<span class=\"gr-text-aurora-light\">World Examples<\/span><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-6c6f423 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6c6f423\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-e7d97bf\" data-id=\"e7d97bf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2307ee5 premium-header-inline premium-lq__none elementor-widget elementor-widget-premium-addon-dual-header\" data-id=\"2307ee5\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;none&quot;}\" data-widget_type=\"premium-addon-dual-header.default\">\n\t\t\t\t\t\n\t\t<div class=\"elementor-widget-container\">\n\t\t<div class=\"premium-dual-header-wrapper\">\n\t\t\t\t\t<h2 class=\"premium-dual-header-first-header \"><span class=\"premium-dual-header-first-span\">Microsoft Exchange Vulnerabilities and Patch Guidance <\/span><\/h2> \t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-49f7b11 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"49f7b11\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-a4a5639\" data-id=\"a4a5639\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b69786b elementor-widget elementor-widget-text-editor\" data-id=\"b69786b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In the example above, an attacker leveraged the Microsoft Exchange Vulnerabilities released in early 2021 on a customer in the construction industry.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0ec7f03 elementor-widget elementor-widget-text-editor\" data-id=\"0ec7f03\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tDetailed guidance and links to available patches have been provided by Microsoft <a href=\"https:\/\/support.microsoft.com\/en-gb\/topic\/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-april-13-2021-kb5001779-8e08f3b3-fc7b-466c-bbb7-5d5aa16ef064\">here.<\/a>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-1a3e834 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1a3e834\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-a03f9d6 elementor-invisible\" data-id=\"a03f9d6\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:0}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-96713c5 elementor-widget elementor-widget-image\" data-id=\"96713c5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"470\" height=\"379\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/12\/Account-Compromise-icon-REMOTE-HACK-1.png\" class=\"attachment-medium_large size-medium_large wp-image-128818 lazyload\" alt=\"\" data-srcset=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/12\/Account-Compromise-icon-REMOTE-HACK-1.png 470w, https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/12\/Account-Compromise-icon-REMOTE-HACK-1-300x242.png 300w\" data-sizes=\"(max-width: 470px) 100vw, 470px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 470px; --smush-placeholder-aspect-ratio: 470\/379;\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-06514a6 elementor-widget elementor-widget-heading\" data-id=\"06514a6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><a style=\"color: #0099FF\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-gb\/vulnerability\/CVE-2021-28480\" target=\"_blank\">CVE-2021-28480<\/a><\/span>\u202fand <a style=\"color: #0099FF\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-gb\/vulnerability\/CVE-2021-28481\" target=\"_blank\">CCVE-2021-28481<\/a><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8f44123 elementor-widget elementor-widget-text-editor\" data-id=\"8f44123\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThese require no prior authentication for an attacker to achieve remote code execution.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0632ff1 elementor-align-left elementor-tablet-align-center elementor-mobile-align-left elementor-widget elementor-widget-button\" data-id=\"0632ff1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/support.microsoft.com\/en-gb\/topic\/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-april-13-2021-kb5001779-8e08f3b3-fc7b-466c-bbb7-5d5aa16ef064\" target=\"_blank\" rel=\"nofollow\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-arrow-right\"><\/i>\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">MORE ABOUT MICROSOFT EXCHANGE SERVER PATCHES<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-017d9f1 elementor-invisible\" data-id=\"017d9f1\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:0}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a5a1ef4 elementor-widget elementor-widget-image\" data-id=\"a5a1ef4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"455\" height=\"437\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/01\/AW-Icon-Aurora-Border-CEO_FRAUD.png\" class=\"attachment-medium_large size-medium_large wp-image-123860 lazyload\" alt=\"CEO Fraud Icon\" data-srcset=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/01\/AW-Icon-Aurora-Border-CEO_FRAUD.png 455w, https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/01\/AW-Icon-Aurora-Border-CEO_FRAUD-300x288.png 300w\" data-sizes=\"(max-width: 455px) 100vw, 455px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 455px; --smush-placeholder-aspect-ratio: 455\/437;\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3c89e13 elementor-widget elementor-widget-heading\" data-id=\"3c89e13\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><a style=\"color: #0099FF\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-gb\/vulnerability\/CVE-2021-28482\" target=\"_blank\">CVE-2021-28482<\/a><\/span>\u202fand\u202f<a style=\"color: #0099FF\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-us\/vulnerability\/CVE-2021-28483\" target=\"_blank\">CVE-2021-28483\u202f<\/a><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d493ca9 elementor-widget elementor-widget-text-editor\" data-id=\"d493ca9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThese require an attacker to have some level of privileges first to be able to achieve remote code execution\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-593ec96 elementor-align-left elementor-tablet-align-center elementor-mobile-align-center elementor-widget elementor-widget-button\" data-id=\"593ec96\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/support.microsoft.com\/en-gb\/topic\/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-april-13-2021-kb5001779-8e08f3b3-fc7b-466c-bbb7-5d5aa16ef064\" target=\"_blank\" rel=\"nofollow\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-arrow-right\"><\/i>\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">MORE ABOUT MICROSOFT EXCHANGE SERVER PATCHES<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-ff4c0ce elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ff4c0ce\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-9c1f687 elementor-invisible\" data-id=\"9c1f687\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:0}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-09af48d elementor-widget elementor-widget-image\" data-id=\"09af48d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"470\" height=\"487\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/12\/Account-Compromise-icon-SYSTEM-ERROR.png\" class=\"attachment-medium_large size-medium_large wp-image-128817 lazyload\" alt=\"\" data-srcset=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/12\/Account-Compromise-icon-SYSTEM-ERROR.png 470w, https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/12\/Account-Compromise-icon-SYSTEM-ERROR-290x300.png 290w\" data-sizes=\"(max-width: 470px) 100vw, 470px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 470px; --smush-placeholder-aspect-ratio: 470\/487;\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d5367e8 elementor-widget elementor-widget-heading\" data-id=\"d5367e8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">CVE-2021-26857\u202f<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-18ae958 elementor-widget elementor-widget-text-editor\" data-id=\"18ae958\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tAn insecure deserialization vulnerability in the Unified Messaging service.\u202fExploiting this vulnerability can provide an attacker with the ability to run code as SYSTEM on the Exchange Server.\u202fThis vulnerability requires administrator privileges or another vulnerability to exploit. Microsoft has observed HAFNIUM chain CVE-2021-26855 with this vulnerability to authenticate using elevated privileges.\u202f\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bac276e elementor-align-left elementor-tablet-align-center elementor-mobile-align-center elementor-widget elementor-widget-button\" data-id=\"bac276e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/support.microsoft.com\/en-gb\/topic\/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-april-13-2021-kb5001779-8e08f3b3-fc7b-466c-bbb7-5d5aa16ef064\" target=\"_blank\" rel=\"nofollow\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-arrow-right\"><\/i>\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">MORE ABOUT MICROSOFT EXCHANGE SERVER PATCHES<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-718755a elementor-invisible\" data-id=\"718755a\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeIn&quot;,&quot;animation_delay&quot;:0}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-64d50d5 elementor-widget elementor-widget-image\" data-id=\"64d50d5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"470\" height=\"483\" data-src=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/12\/Account-Compromise-icon-EXCHANGE.png\" class=\"attachment-medium_large size-medium_large wp-image-128815 lazyload\" alt=\"\" data-srcset=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/12\/Account-Compromise-icon-EXCHANGE.png 470w, https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/12\/Account-Compromise-icon-EXCHANGE-292x300.png 292w\" data-sizes=\"(max-width: 470px) 100vw, 470px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 470px; --smush-placeholder-aspect-ratio: 470\/483;\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c1000da elementor-widget elementor-widget-heading\" data-id=\"c1000da\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">CVE-2021-26858 and CVE-2021-27065\u202f <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e029cc8 elementor-widget elementor-widget-text-editor\" data-id=\"e029cc8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"padding-bottom: 5px;\">These two are post-authentication arbitrary file write vulnerabilities in Exchange.\u202f<\/p><p>If an attacker can authenticate with the Exchange Server, then they can use one of these vulnerabilities to write a file to any path on the server. Microsoft also observed HAFNIUM chain CVE-2021-26855 with this one to authenticate with elevated privileges.\u202f<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7ac2cab elementor-align-left elementor-tablet-align-center elementor-mobile-align-center elementor-widget elementor-widget-button\" data-id=\"7ac2cab\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/support.microsoft.com\/en-gb\/topic\/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-april-13-2021-kb5001779-8e08f3b3-fc7b-466c-bbb7-5d5aa16ef064\" target=\"_blank\" rel=\"nofollow\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-arrow-right\"><\/i>\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">MORE ABOUT MICROSOFT EXCHANGE SERVER PATCHES<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-904d991 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"904d991\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;,&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7485d55 elementor-invisible\" data-id=\"7485d55\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeInUp&quot;,&quot;animation_mobile&quot;:&quot;fadeInUp&quot;,&quot;animation_delay&quot;:200}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-2370a78 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2370a78\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;gradient&quot;,&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-586e581\" data-id=\"586e581\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9adb13c elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"9adb13c\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInLeft&quot;,&quot;_animation_mobile&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Arctic Wolf Helps Customers Manage Vulnerabilities<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c0e5300 elementor-invisible elementor-widget elementor-widget-text-editor\" data-id=\"c0e5300\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInLeft&quot;,&quot;_animation_tablet&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:100,&quot;_animation_mobile&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h5>At Arctic Wolf, we help our customers develop workflows to ensure that critical risks are assigned to the right individuals within the department to identify, prioritise, and patch as quickly as possible. We keep track of known vulnerabilities you have been unable to patch and, with Arctic Wolf\u00ae\u202fManaged Detection and Response, monitor those systems for IOCs. Our Concierge Security Team works proactively to improve security posture overall within our customer, so that if a major vulnerability does hit the damage is better contained.<\/h5>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9b8f198 elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"9b8f198\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInLeft&quot;,&quot;_animation_delay&quot;:300,&quot;_animation_mobile&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">We're here to help.<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-aa93efe elementor-invisible elementor-widget elementor-widget-text-editor\" data-id=\"aa93efe\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInLeft&quot;,&quot;_animation_mobile&quot;:&quot;fadeIn&quot;,&quot;_animation_delay&quot;:300}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tGene<span class=\"gr-text-aurora\">ral Questions\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6b1d1eb elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-invisible elementor-widget elementor-widget-icon-box\" data-id=\"6b1d1eb\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInLeft&quot;,&quot;_animation_delay&quot;:350,&quot;_animation_mobile&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<span  class=\"elementor-icon elementor-animation-grow\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-phone-alt\"><\/i>\t\t\t\t<\/span>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h3 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<span  >\n\t\t\t\t\t\t\t1-888-272-8429\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-63cf0b4 elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-invisible elementor-widget elementor-widget-icon-box\" data-id=\"63cf0b4\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInLeft&quot;,&quot;_animation_delay&quot;:400,&quot;_animation_mobile&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<a href=\"\/resources\/\" class=\"elementor-icon elementor-animation-grow\" tabindex=\"-1\" aria-label=\"Arctic Wolf Resource Library\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-file-alt\"><\/i>\t\t\t\t<\/a>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h3 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<a href=\"\/resources\/\" >\n\t\t\t\t\t\t\tArctic Wolf Resource Library\t\t\t\t\t\t<\/a>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0c03ba0 elementor-position-inline-start elementor-view-default elementor-mobile-position-block-start elementor-invisible elementor-widget elementor-widget-icon-box\" data-id=\"0c03ba0\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInLeft&quot;,&quot;_animation_delay&quot;:450,&quot;_animation_mobile&quot;:&quot;fadeIn&quot;}\" data-widget_type=\"icon-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-box-wrapper\">\n\n\t\t\t\t\t\t<div class=\"elementor-icon-box-icon\">\n\t\t\t\t<a href=\"mailto:ask@arcticwolf.com\" class=\"elementor-icon elementor-animation-grow\" tabindex=\"-1\" aria-label=\"ask@arcticwolf.com\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-envelope\"><\/i>\t\t\t\t<\/a>\n\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t\t<div class=\"elementor-icon-box-content\">\n\n\t\t\t\t\t\t\t\t\t<h3 class=\"elementor-icon-box-title\">\n\t\t\t\t\t\t<a href=\"mailto:ask@arcticwolf.com\" >\n\t\t\t\t\t\t\task@arcticwolf.com\t\t\t\t\t\t<\/a>\n\t\t\t\t\t<\/h3>\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-340e6ab\" data-id=\"340e6ab\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;none&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ba62ab0 aw-newsletter-form elementor-widget elementor-widget-ArcticWolf-marketo-form\" data-id=\"ba62ab0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"ArcticWolf-marketo-form.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\n    \n    <!-- Main Form Styles for Floating Lables-->\n    <link href=\"https:\/\/cybersecurity.arcticwolf.com\/rs\/840-OSQ-661\/images\/AW-mkto-floating-form-labels-styles-211027.css\" rel=\"stylesheet\">\n\n    <!-- Mkto Form Core Scripts-->\n    <script data-ot-ignore src=\"\/\/cybersecurity.arcticwolf.com\/js\/forms2\/js\/forms2.min.js\"><\/script>\n    <form id=\"mktoForm_4723\" onsubmit=\"try {_6si.send(event); } catch (error) { console.error(error);}\"><\/form>\n    <script>MktoForms2.loadForm(\"\/\/cybersecurity.arcticwolf.com\", \"840-OSQ-661\", 4723, function(form) {\n        \t\t\t\n         var formElement = form.getFormElem()[0];\n         formElement.addEventListener(\"submit\", function(event) {\n         window.SixSenseEvent = event;\n         console.info(\"6sense: Form submit initiated.\");\n     });\n     formElement.getElementsByTagName('button')[0].setAttribute('name', 'mktoButton_' + form.getId());\n     formElement.setAttribute('name', 'mktoForm_' + form.getId());\n     form.onSuccess(function() {\n\ttry {\t \n\t if (_6si) {\n     _6si.send(window.SixSenseEvent);\n        console.info(\"6sense: Form submit completed.\");\n     } else {\n         console.warn(\"6sense: Event object not found. Form fill not logged.\");\n     }\n\t} catch (error) {console.error(error);}\n     });\n    });<\/script>\n\n    <!-- Form Script for Styling Attributes-->\n    <script type=\"text\/javascript\" src=\"https:\/\/cybersecurity.arcticwolf.com\/rs\/840-OSQ-661\/images\/AW-mkto-form-style-attributes-210628.js\"><\/script>\n\n    <!-- Floating label script-->\n    <script>\n\n        function floatingLabels() {\n            jQuery('.mktoRadioList, .mktoCheckboxList').parent().children('label').addClass('d-none');\n            jQuery('.mktoForm select:not(\"#Consent_Opt_In__c\") option:nth-of-type(1)').html(\"\");\n\n            var inputs = jQuery('.mktoForm input[type=url], .mktoForm input[type=text], .mktoForm input[type=date], .mktoForm input[type=tel], .mktoForm input[type=email], .mktoForm input[type=number], .mktoForm textarea.mktoField, .mktoForm select.mktoField');\n\n            jQuery(inputs).focus(function(){\n                var fieldID = jQuery(this).attr('id');\n                fieldLabel = 'label.mktoLabel[for=' + fieldID +']';\n                jQuery(fieldLabel).addClass('activeLabel')\n            });\n\n            jQuery(inputs).blur(function(){\n                var fieldID = jQuery(this).attr('id');\n                fieldLabel = 'label.mktoLabel[for=' + fieldID +']';\n                if (jQuery(this).val() == \"\"){\n                    jQuery(fieldLabel).removeClass('activeLabel');\n                }\n            });\n        }\n\n        jQuery(window).on('load',function(){\n            jQuery(document).ready(function() {\n        \t   MktoForms2.whenReady(function (form){\n                 jQuery(floatingLabels)\n                 jQuery('form.mktoForm').on('change', floatingLabels);\n        \t   });\n            });\n        });\n    <\/script>\n\n    <style>\n        form.mktoForm input[type=url], form.mktoForm input[type=text], form.mktoForm input[type=date], form.mktoForm input[type=tel], form.mktoForm input[type=email], form.mktoForm input[type=number], form.mktoForm textarea.mktoField, form.mktoForm select.mktoField, form.mktoForm label.mktoLabel, form.mktoForm .mktoRadioList, form.mktoForm .mktoCheckboxList, form.mktoForm select.mktoField.mktoInvalid:active, form.mktoForm select.mktoField.mktoInvalid:focus, form.mktoForm .mktoCaptchaDisclaimer {\n            color:  #FFFFFF !important;\n        }\n\n        form.mktoForm label.mktoLabel.activeLabel {\n            color: #0099FF !important;\n        }\n\n        form.mktoForm input[type=url], form.mktoForm input[type=text], form.mktoForm input[type=date], form.mktoForm input[type=tel], form.mktoForm input[type=email], form.mktoForm input[type=number], form.mktoForm textarea.mktoField, form.mktoForm select.mktoField {\n            border-bottom: 1px solid #FFFFFF1F !important;\n        }\n\n        form.mktoForm input[type=url]:focus, form.mktoForm input[type=text]:focus, form.mktoForm input[type=date]:focus, form.mktoForm input[type=tel]:focus, form.mktoForm input[type=email]:focus, form.mktoForm input[type=number]:focus, form.mktoForm textarea.mktoField:focus, form.mktoForm select.mktoField:focus {\n            box-shadow: 0 1px 0 0 #0099FF !important;\n            border-bottom: 1px solid #0099FF !important;\n        }\n\n            <\/style>\n\n    \t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-inner-section elementor-element elementor-element-cc81f28 aw-resources-dark elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cc81f28\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-8270ffe\" data-id=\"8270ffe\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b6f3d1f elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"b6f3d1f\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInDown&quot;,&quot;_animation_delay&quot;:400}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Additional <span class=\"gr-text-aurora\">Resources<\/span><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c6a0b5e elementor-invisible elementor-widget elementor-widget-template\" data-id=\"c6a0b5e\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeIn&quot;,&quot;_animation_delay&quot;:600}\" data-widget_type=\"template.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-template\">\n\t\t\t\t\t<div data-elementor-type=\"section\" data-elementor-id=\"57710\" class=\"elementor elementor-57710\" data-elementor-post-type=\"elementor_library\">\n\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-e36c56c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e36c56c\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2c5558d\" data-id=\"2c5558d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-46520a8 elementor-widget elementor-widget-html\" data-id=\"46520a8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div id=\"pf-embed\"><\/div>\n<style>\n\n#pf-embed a.lb-inpage-item div:nth-of-type(1) {\n    padding-top: 55%;\n}\ndiv#qa-website-inject-item-image-0, div#qa-website-inject-item-image-1, div#qa-website-inject-item-image-2 {\n    background-position:center center;\n\tborder-radius: 10px;\n}\na.lb-inpage-item {\n    width: 33.333%;\n    padding: 15px;\n    margin: 10px;\n    background: linear-gradient(0deg, transparent, #CDDCF3);\n    border-radius: 10px;\n\tposition: relative;\n\ttransition: all .25s linear;\n}\na.lb-inpage-item:hover {\n    transform: translateY(-5px);\n}\n\t\n#pf-embed a.lb-inpage-item div:nth-of-type(1):hover:after {\n    color: #0066ff;\n}\n#pf-embed a.lb-inpage-item div:nth-of-type(1):after {\n    content: 'READ MORE \u2192';\n    position: absolute;\n    bottom: -25px;\n    font-size: 14px;\n    letter-spacing: 1px;\n    color: #0099ff;\n    font-weight: 600;\n    justify-content: center;\n    display: flex;\n    width: calc(100% - 30px);\n    transition: all .25s linear;\n}\n#pf-embed a.lb-inpage-item div:nth-of-type(2) {\n    color: black;\n    font-size: 21px;\n    font-family: 'Encode Sans', sans-serif;\n    padding: 10px 0px 25px 0;\n    font-weight: 500;\n    line-height: 1.3em;\n    margin-top: 0;\n    margin-left: 0px;\n    margin-right: 0px;\n\ttext-align: center;\n    }\n#qa-website-inject-title {\n        display: none;\n    }\n#pf-embed a.lb-inpage-item div:nth-of-type(1){transition: all .25s linear;} \n\t\n#pf-embed a.lb-inpage-item div:nth-of-type(1):hover {\n    transition: all 0.25s;\n}\n#pf-embed a.lb-inpage-item div:nth-of-type(1):hover div#qa-website-inject-item-image-0, #pf-embed a.lb-inpage-item div:nth-of-type(1):hover div#qa-website-inject-item-image-1, #pf-embed a.lb-inpage-item div:nth-of-type(1):hover div#qa-website-inject-item-image-2 {\n    height: 200px;\n    box-shadow: 0px -1px 25px #888;\n}\n@media (max-width: 768px) {\na.lb-inpage-item {\n    padding: 0px;\n}\n#pf-embed a.lb-inpage-item div:nth-of-type(2) {\n    padding: 18px 0px 10px 0;\n    font-size: 17px;\n    }\n#qa-website-inject-items {\n        display: block;\n        width: 100%;\n        max-width: 450px;\n        margin: 0 auto;\n    }\n    #pf-embed a.lb-inpage-item div:nth-of-type(1):after {\ndisplay: none;\n}\ndiv#qa-website-inject-item-title-0, div#qa-website-inject-item-title-1, div#qa-website-inject-item-title-2 {\n    margin-bottom: 10px;\n}\n}\n<\/style>\n<script>\njQuery(document).ready(function () {\n    jQuery(window).scroll(function(){\n        var pfURLtrigger = parseInt(jQuery(window).scrollTop());\n\n        if (pfURLtrigger > 500) {\n            jQuery('#pf-embed a').each(function() {\n    var href = jQuery(this).attr('href');\n    if (href) {\n        var url = new URL(href);\n        url.searchParams.set(\"lb-mode\", \"overlay\");\n        jQuery(this).attr('href', url.href);\n    }\n});\n        }\n    });\n});\n<\/script>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8a77b3f elementor-align-center elementor-tablet-align-center gr-button-blue elementor-invisible elementor-widget elementor-widget-button\" data-id=\"8a77b3f\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeIn&quot;,&quot;_animation_delay&quot;:700}\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"\/resources\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">VISIT THE RESOURCE LIBRARY<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4bd6ae0 elementor-widget elementor-widget-html\" data-id=\"4bd6ae0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\n<style>\t\n\/*SWITCH FROM HORIZ TO VERT*\/\n\/*dark resources*\/\na.form-stat{\n    color:#ffffff;\n    display: block;\n    font-size: 11px;\n    font-weight: 400;\n    line-height: 22px;\n}\na.form-stat:hover{\n    text-decoration: underline;\n    opacity:.8;\n}\n.aw-resources-dark a.lb-inpage-item {\n    background:linear-gradient(0deg, transparent 20%, #0099ff60);\n    position: relative;\n    transition: all .25s linear;\n}\n.aw-resources-dark #pf-embed a.lb-inpage-item div:nth-of-type(2){\n    color:#ffffff;\n}\n.aw-resources-dark a.lb-inpage-item:after {\n    content: \"\";\n    position: absolute;\n    inset: 0px;\n    border-radius: 10px;\n    padding: 2px;\n    background: linear-gradient(to bottom, #0099ff, transparent);\n    -webkit-mask: linear-gradient(#fff 0 0) content-box, linear-gradient(#fff 0 0);\n    -webkit-mask-composite: xor;\n    mask-composite: exclude;\n\tpointer-events: none;\n    z-index: 1;\n}\n.aw-resources-dark a.lb-inpage-item:hover {\n    transform: translateY(-5px);\n}\n.aw-resources-dark #pf-embed a.lb-inpage-item div:nth-of-type(1):after {\n    width: calc(100% - 40px);\n}\n\/*end resources*\/\n\n\/* Attack zone timeline section*\/\n\n.aw-left-col-timeline-item h2 {\n    font-family: \"Lato\", Sans-serif;\n    font-size: 15px;\n    font-weight: 600;\n    line-height: 15px;\n    color: #fff;\n\tmargin-bottom: 10px;\n}\n.aw-left-col-timeline-item span {\n    color: #A7A7A7;\n    font-family: \"Lato\", Sans-serif;\n    font-size: 14px;\n    font-weight: 300;\n    line-height: 13px;\n}\n.aw-left-col-timeline-item p {\n    color: #f1f1f1;\n    font-family: \"Lato\", Sans-serif;\n    font-size: 15px;\n    font-weight: 300;\n    line-height: 20px;\n}\nli.aw-left-col-timeline-item:not(:last-of-type):before {\n    content: \"\";\n    position: absolute;\n    height: 100%;\n    width: 1px;\n    left: 3.5px;\n    top: calc(.5em - 4px);\n    background: repeating-linear-gradient( \n-45deg , transparent, transparent 25%, #a55151 0, #a55151 50%), transparent;\n    background-size: 0.5em 0.5em;\n}\nli.aw-left-col-timeline-item:after {\n    content: \"\";\n    top: calc(.5em - 8px);\n    left: -3px;\n    position: absolute;\n    display: inline-block;\n    box-sizing: border-box;\n    width: 15px;\n    height: 15px;\n    border: 1px solid #ffffff;\n    border-radius: 50%;\n    background-color: #fff;\n    flex-shrink: 0;\n}\nli.aw-left-col-timeline-item, ul.aw-left-col-timeline {\n    position: relative;\n}\nli.aw-left-col-timeline-item {\n    padding-left: 30px;\n    padding-bottom: 30px;\n}\n\t\n.attack-window-zone {\n    display: block;\n    background: repeating-linear-gradient( \n-45deg , transparent, transparent 25%, #a55151 0, #a55151 50%), transparent;\n    background-size: 0.4em 0.4em;\n}\n\n\/* End Attack zone timeline section*\/\n\n\n.gr-text-grey{\n    background: radial-gradient(50% 110% at bottom right, #ffffff25, #ffffff49, #ffffff89, white, white);\n    -webkit-background-clip: text;\n    -webkit-text-fill-color: transparent;\n    background-clip: text;\n    text-fill-color: transparent;\n    -webkit-box-decoration-break: clone;\n}\n.fade-gradient-blue:before{\n    content: \"\";\n    position: absolute;\n    inset: 0px;\n    border-radius: 10px;\n    padding: 2px;\n    background: linear-gradient(90deg, #0066ff, #0066ff80, #0066ff00, #0066ff80, #0066ff);\n    -webkit-mask: linear-gradient(#fff 0 0) content-box, linear-gradient(#fff 0 0);\n    -webkit-mask-composite: xor;\n    mask-composite: exclude;\n    z-index: 1;\n    }\n.max-width-step6{\n    max-width:800px;\n    margin:auto;\n}\nform.mktoForm a:hover{color:#ffffff !important;}\n.interest-point-in-checkboxes li.premium-bullet-list-content{overflow:visible !important;}\n.redacted {\n    background: #fff;\n    color: #000;\n    padding: 5px;\n    padding-left:7px;\n    font-size: 75%;\n    position: relative;\n    top: -3px;\n    letter-spacing: .1em;\n    text-transform: uppercase;\n    font-family: \"IBM Plex Mono\", Sans-serif !important;\n}\n.gr-text-aurora {\n  background: linear-gradient(120deg, white 5%, #0099ff 40%, #0099ff 55%, #0079FF 70%, #0065CC);\n  -webkit-background-clip: text;\n  -webkit-text-fill-color: transparent;\n  -webkit-box-decoration-break: clone;\n}\n.gr-text-aurora-light {\n  background: linear-gradient(150deg, black 5%, #0099ff 40%, #0099ff 55%, #0079FF 70%, #0065CC);\n  -webkit-background-clip: text;\n  -webkit-text-fill-color: transparent;\n  -webkit-box-decoration-break: clone;\n}\n.gray-fade-text {\n  background: radial-gradient(50% 110% at bottom right, #ffffff25, #ffffff49, #ffffff89, white, white);\n  -webkit-background-clip: text;\n  -webkit-text-fill-color: transparent;\n  background-clip: text;\n  text-fill-color: transparent;\n  -webkit-box-decoration-break: clone;\n}\n.gray-fade-text-light {\n  background: radial-gradient(50% 110% at bottom right, #00000049, #00000089, black);\n  -webkit-background-clip: text;\n  -webkit-text-fill-color: transparent;\n  background-clip: text;\n  text-fill-color: transparent;\n  -webkit-box-decoration-break: clone;\n}\n\/*end switch to Vert*\/\n\t\n\t\n\t\n\t\n.aw-mins-passed{display:block;font-size:17px;text-transform:uppercase;text-align:left;}\n\n.aw-since-attack{\ncolor:#ffffff;\n}\n.aw-since-attack-tooltip span {\n    background: #fff;\n    padding: 5px;\n    border-radius: 2px;\n    position: relative;\n}\n.aw-since-attack-tooltip span:before {\n    content: \"\";\n    position: absolute;\n    border-color: transparent;\n    border-style: solid;\n    bottom: -7px;\n    right: 60px;\n    border-width: 8px 8px 0;\n    border-top-color: initial;\n    transform-origin: center top;\n    color: #fff;\n}\n.on-the-left.aw-since-attack-tooltip span:before {\n    right: inherit;\n    left: 30px;\n}\n.aw-since-attack-tooltip.on-the-center span:before{\n    right:calc(50% - 2px);\n} \n\n.aw-post-incident-zone {\n    background: repeating-linear-gradient( -45deg , transparent, transparent 25%, #ffffff20 0, #ffffff15 50%), transparent;\n    background-size: 0.4em 0.4em;\n}\nspan.aw-post-incident-text {\n    background-image: linear-gradient(to right, #4452a3 , #41378e);\n    padding: 10px 25px;\n}\n\n#awTimeline-Section-06 .elementor-icon-box-icon {\n    margin-top: 10px;\n}\t\n.entry-content{\n    background-image: url('\/wp-content\/uploads\/2025\/01\/AW-Gr-Blur-BG_vertical_03-250102.jpg');\n    background-attachment: fixed;\n    background-size: cover;\n    background-color:#160913;\n\tbackground-position: center center;\n}\n\t\nimg.aw-stepflow-icon {\n    max-width: 100px;\n    display: block;\n    text-align: center;\n    margin: auto;\n}\n.nav li.active .aw-timeline-nav__title i,\n.hide-icon .ha-steps-icon,\nh4.ha-steps-title {\n    display: none;\n}\n\np.aw-active-icons-wrap.text-align-right {\n    text-align: right;\n}\np.aw-active-icons-wrap.text-align-center {\n    text-align: center;\n}\na.color-white{color:#ffffff;transition:all .3s linear;}\na.color-hover-orange:hover{color:#f58220 !important;}\nspan.aw-interest-point {\n  background-image: linear-gradient(to right, #ff9933, #ff3800);\n  background-position: 0 35px;\n  background-size: 100% 4px;\n  background-repeat: repeat-x;\n  color: #fff;\n  font-size:110%;\n  font-weight: 400;\n  padding: 5px 12px;\n  text-decoration: none;\n  text-transform: uppercase;\n  transition: all 250ms ease-out;\n  font-weight:700;\n  position: relative;\n  display: inline-block;\n}\nspan.aw-interest-point:hover, span.aw-interest-point:focus {\n  background-image: linear-gradient(to right, #ff9933, #ff3800);\n  background-position: 0 0;\n  background-size: 100% 100%;\n  color: #fff;\n  padding: 5px 12px;\n}\nspan.aw-interest-point:active {\n  background-image: linear-gradient(to right, #ff9933, #ff3800);\n}\n\nspan.aw-interest-point.data-tippy-interest-point-01,\nspan.aw-interest-point.data-tippy-interest-point-02,\nspan.aw-interest-point.data-tippy-interest-point-03,\nspan.aw-interest-point.data-tippy-interest-point-04,\nspan.aw-interest-point.data-tippy-interest-point-05,\nspan.aw-interest-point.data-tippy-interest-point-06,\nspan.aw-interest-point.data-tippy-interest-point-07,\nspan.aw-interest-point.data-tippy-interest-point-08,\nspan.aw-interest-point.data-tippy-interest-point-09,\nspan.aw-interest-point.data-tippy-interest-point-10{\n    text-transform: initial;\n    padding: 2px 4px;\n    background-position: 0 28px;\n    font-size:100%;\n}\n\/*span.aw-interest-point.data-tippy-interest-point-06,\nspan.aw-interest-point.data-tippy-interest-point-08{\n    text-transform: initial;\n    padding: 2px 4px;\n    background-position: 0 47px;\n\tfont-weight: 900;\n}\nspan.aw-interest-point.data-tippy-interest-point-09,\nspan.aw-interest-point.data-tippy-interest-point-10{\n    background-position: 0 35px;\n}*\/\nspan.aw-interest-point.data-tippy-interest-point-01:hover, span.aw-interest-point.data-tippy-interest-point-01:focus,\t\t\nspan.aw-interest-point.data-tippy-interest-point-02:hover, span.aw-interest-point.data-tippy-interest-point-02:focus,\nspan.aw-interest-point.data-tippy-interest-point-03:hover, span.aw-interest-point.data-tippy-interest-point-03:focus,\nspan.aw-interest-point.data-tippy-interest-point-04:hover, span.aw-interest-point.data-tippy-interest-point-04:focus,\nspan.aw-interest-point.data-tippy-interest-point-05:hover, span.aw-interest-point.data-tippy-interest-point-05:focus,\nspan.aw-interest-point.data-tippy-interest-point-06:hover, span.aw-interest-point.data-tippy-interest-point-06:focus,\nspan.aw-interest-point.data-tippy-interest-point-07:hover, span.aw-interest-point.data-tippy-interest-point-07:focus,\nspan.aw-interest-point.data-tippy-interest-point-08:hover, span.aw-interest-point.data-tippy-interest-point-08:focus,\nspan.aw-interest-point.data-tippy-interest-point-09:hover, span.aw-interest-point.data-tippy-interest-point-09:focus,\nspan.aw-interest-point.data-tippy-interest-point-09:hover, span.aw-interest-point.data-tippy-interest-point-10:hover,\nspan.aw-interest-point.data-tippy-interest-point-10:focus{\n    background-position: 0 0;\n}\nspan.aw-interest-point:after {\n    content: \"\";\n    border-radius: 50%;\n    animation: live-pulse 2s infinite;\n    background-color: #ffffff;\n    height: 10px;width:10px;\n    position: relative;\n    margin-left:5px;\n    display: inline-block;\n    bottom: 3px;\n}\n.aw-has-interest-point .tippy-box {\n    background: #fff;\n    color: #1c1c1c;\n    text-transform: initial;\n    letter-spacing: 0px;\n    padding: 10px;\n    font-size: 16px;\n}\n.aw-has-interest-point .tippy-arrow {\n    color: #fff;\n}\n.aw-interest-point-font-control.aw-has-interest-point .tippy-box ,\n.aw-interest-point-font-control.aw-has-interest-point .tippy-box {\n    font-weight: 500;\n    font-style: normal;\n    font-family: 'Lato';\n}\nspan.aw-interest-point.data-tippy-interest-point-01:after,\nspan.aw-interest-point.data-tippy-interest-point-02:after,\nspan.aw-interest-point.data-tippy-interest-point-03:after,\nspan.aw-interest-point.data-tippy-interest-point-04:after,\nspan.aw-interest-point.data-tippy-interest-point-06:after,\nspan.aw-interest-point.data-tippy-interest-point-05:after,\nspan.aw-interest-point.data-tippy-interest-point-07:after,\nspan.aw-interest-point.data-tippy-interest-point-08:after,\t\t\nspan.aw-interest-point.data-tippy-interest-point-09:after,\nspan.aw-interest-point.data-tippy-interest-point-10:after{\n    bottom: 1px;\n}\n\/*span.aw-interest-point.data-tippy-interest-point-06:after,\n    span.aw-interest-point.data-tippy-interest-point-08:after{\n    bottom: 5px;\n    height: 18px;\n    width: 18px;\n    margin-left: 10px;\n\t} *\/\n@keyframes live-pulse {\n\t0% {\n\t\ttransform: scale(0.9);\n\t\tbox-shadow: 0 0 0 0 rgba(255, 255, 255, 0.7);\n\t}\n\t\n\t70% {\n\t\ttransform: scale(1);\n\t\tbox-shadow: 0 0 0 10px rgba(255, 255, 255, 0);\n\t}\n\t\n\t100% {\n\t\ttransform: scale(0.9);\n\t\tbox-shadow: 0 0 0 0 rgba(255, 255, 255, 0);\n\t}\n}\n@keyframes pulse-red {\n\t0% {\n\t\ttransform: scale(0.9);\n\t\tbox-shadow: 0 0 0 0 rgba(255, 82, 82, 0.7);\n\t}\n\t\n\t70% {\n\t\ttransform: scale(1);\n\t\tbox-shadow: 0 0 0 10px rgba(255, 82, 82, 0);\n\t}\n\t\n\t100% {\n\t\ttransform: scale(0.9);\n\t\tbox-shadow: 0 0 0 0 rgba(255, 82, 82, 0);\n\t}\n}\n\n.aw-timeline-nav__wrapper {\n  position: fixed;\n  height: auto;\n  padding: 30px;\n  display: flex;\n  flex-flow: column nowrap;\n  justify-content: flex-end;\n  bottom:50px;\n  width: 240px;\n  overflow: visible;\n  transition: all .2s linear !important;\n}\n.nav {\n  margin: 0 0 100px 30px;\n}\n.aw-timeline-nav__counter {\n  font-size: 24px;\n  transition: all 0.15s ease-out;\n}\n.aw-timeline-nav__title {\n  font-size: 32px;\n  font-weight: 300;\n  margin: 0 0 0.25em;\n  height: 0;\n  overflow: hidden;\n  opacity: 0;\n  transition: height 0.3s ease-out, opacity 0.2s ease-out;\n}\n.aw-timeline-nav__body {\n    font-weight: 800;\n    margin-left: -20px;\n    font-size: 11px;\n    text-transform: uppercase;\n    margin-top: -10px;\n    color: #f83300;\n    font-family: 'Lato', sans-serif;\n    height: 0;\n    overflow: hidden;\n    opacity: 0;\n    transition: height 0.3s ease-out, opacity 0.2s ease-out;\n}\n.aw-timeline-nav__body img {\n    max-width: 30px;\n}\n.nav li {\n  position: relative;\n  transition: all 0.3s ease-out;\n  margin-bottom: 1em;\n}\n\n.nav li:after {\n  content: \"\";\n  display: block;\n  border-left: 2px solid white;\n  border-top: 2px solid white;\n  height: 250px;\n  width: 20px;\n  position: absolute;\n  left: -30px;\n  top: 15px;\n}\n.nav li a {\n  display: block;\n  padding: 0;\n  color: #fff;\n  transition: all 0.15s ease-out;\n}\n.nav li a:hover {\n  background-color: transparent;\n  padding-left: 1em;\n}\n.nav li a:focus {\n  background-color: transparent;\n}\n.nav li.active {\n  padding-left: 1em;\n}\n.nav li.active:after {\n  width: 35px;\n  height: 400px;\n  top: 35px;\n}\n.nav li.active .aw-timeline-nav__counter {\n  font-size: 30px;\n}\n.nav li.active .aw-timeline-nav__title {\n  height: 40px;\n  opacity: 1;\n  overflow: visible;\n  font-size:17px;\n}\n.nav li.active .aw-timeline-nav__body {\n    height: auto;\n    opacity: 1;\n    overflow: visible;\n    display: flex;\n    align-items: center;\n}\n.aw-timeline-nav__body img {\n    max-width: 35px;\n    background: #fff;\n    margin-right: 10px;\n    border-radius: 50%;\n    padding: 5px;\n    overflow: visible;\n\ttransition: all .25s linear;\n}\n.aw-timeline-nav__body img:hover {\n    transform: translateY(-5px);\n}\n.nav li:last-of-type .aw-timeline-nav__body {\n    font-size: 13px;\n}\n.aw-active-icons-wrap img {\n    max-width: 40px;\n    background: #fff;\n    margin-right: 10px;\n    border-radius: 50%;\n    padding: 5px;\n    overflow: visible;\n\ttransition: all .25s linear;\n}\n.aw-active-icons-wrap img:hover {\n    transform: translateY(-5px);\n}\nimg.aw-timeline-icon_cst {\n    padding-top: 7px;\n    padding-bottom: 3px;\n}\nimg.aw-timeline-icon_platform {\n    padding-top: 3px;\n    padding-bottom: 7px;\n}\n\t\n.aw-timeline-nav__body img.data-tippy-attacker_inactive:hover,\n.aw-timeline-nav__body img.data-tippy-platform_inactive:hover,\n.aw-timeline-nav__body img.data-tippy-customer_inactive:hover,\n.aw-timeline-nav__body img.data-tippy-triage_inactive:hover,\n.aw-timeline-nav__body img.data-tippy-cst_inactive:hover{\n    transform: translateY(0px);\n}\n.aw-timeline-nav__body i.fas {\n   margin-right:8px;\n}\n.aw-timeline-nav__body .fa-arrow-right:before {\n    content: \"\\f061\" !important;\n}\nimg.data-tippy-platform_inactive,\nimg.data-tippy-customer_inactive,\nimg.data-tippy-triage_inactive,\nimg.data-tippy-cst_inactive,\nimg.data-tippy-attacker_inactive{\n    opacity: .2;\n}\n#aw-vert-timeline-nav .tippy-box, .aw-active-icons-wrap .tippy-box {\n    background: #fff;\n    color: #1c1c1c;\n    font-weight: 500;\n    top: -5px;\n    min-width: 150px;\n    text-align: center;\n}\nspan.aw-attack-active {\n    display: block;\n    text-align: center;\n    font-size: 80%;\n    text-transform: uppercase;\n    letter-spacing: 1px;\n    color: green;\n    font-weight: 600;\n}\nspan.aw-attack-inactive {\n    display: block;\n    text-align: center;\n    font-size: 80%;\n    text-transform: uppercase;\n    letter-spacing: 1px;\n    color: #000;\n    font-weight: 600;\n    opacity: .2;\n}\n#aw-vert-timeline-nav .tippy-arrow,\n.aw-active-icons-wrap .tippy-arrow{\n    color: #fff;\n}\n.tippy-content a:hover {\n    text-decoration: underline;\n}\n.tippy-box[data-animation=shift-away][data-state=hidden]{opacity:0}.tippy-box[data-animation=shift-away][data-state=hidden][data-placement^=top]{transform:translateY(10px)}.tippy-box[data-animation=shift-away][data-state=hidden][data-placement^=bottom]{transform:translateY(-10px)}.tippy-box[data-animation=shift-away][data-state=hidden][data-placement^=left]{transform:translateX(10px)}.tippy-box[data-animation=shift-away][data-state=hidden][data-placement^=right]{transform:translateX(-10px)}\n\t\n.aw-timeline-nav__wrapper.is-now-inactive {\n    transform: translate(-100px, 0px);\n    opacity: 0;\n}\n.elementor-section.padding-control {\n    transition: all .25s linear;\n}\nbody.aw-timeline-nav-end .elementor-section.padding-control {\n    padding-left:0px !important;\n}\n\t\n@media (min-width:768px){\nsection.elementor-section.elementor-top-section.elementor-element.aw-timeline-nav__wrapper {\n    box-shadow: none !important;\n        background-image: none !important;\n}\n}\n\n@media (max-width:1024px){\n    .nav li.active .aw-timeline-nav__body{line-height: 15px;}\n    .hide-direction-mobile .ha-steps-icon {\n    display: none;\n}\n.aw-timeline-nav__wrapper {\n    transform: scale(0.8);\n    left: -25px;\n}\n}\n\n@media (max-width:767px){\n.aw-resources-dark a.lb-inpage-item:after{display:none;}\n    \np.aw-active-icons-wrap.text-align-left-mobile{\n    text-align: left;\n}\n.aw-timeline-nav__wrapper {\n    padding-top: 20px !important;\n    width: 250px;\n    transform: scale(1.0);\n    left:-250px;\n    bottom:0px;\n}\nbody.aw-timeline-nav-mobile-active .aw-timeline-nav__wrapper {\n    left: 0px;\n}\nsection.elementor-sticky--effects.elementor-sticky.elementor-sticky--active.aw-mobile-nav-toggle-wrap.aw-mobile-nav-toggle-wrap-inactive {\n    top: -100px !important;\n    transition: all .3s linear;\n}\np.aw-active-icons-wrap {\n    text-align: right;\n}\n.aw-active-icons-wrap img {\n    max-width: 35px;\n    margin-right: 5px;\n}\n.aw-pie-graph img {\n    width:100%;\n    max-width: 300px;\n}\n.aw-button-white a.elementor-button,\n.gr-button-blue a.elementor-button {\n    height: auto;\n}\nspan.aw-interest-point {\n    background-position: 0 30px;\n}\nspan.aw-interest-point.data-tippy-interest-point-09 {\n    background-position: 0 23px;\n}\nspan.aw-interest-point.data-tippy-interest-point-06, span.aw-interest-point.data-tippy-interest-point-08 {\n    background-position: 0 32px;\n}\nspan.aw-interest-point.data-tippy-interest-point-06:after, span.aw-interest-point.data-tippy-interest-point-08:after {\n    height: 12px;\n    width: 12px;\n}\n\n}\n\n@media (max-width:500px){\n}\n\n@media (max-width:361px){\n    .gr-button-blue a.elementor-button:before,\n.gr-button-blue a.elementor-button:after{height:72px;}\n}\n\n\t\n<\/style>\n\n\n<script src=\"https:\/\/maxcdn.bootstrapcdn.com\/bootstrap\/3.4.1\/js\/bootstrap.min.js\"><\/script>\n<script>\n\t\n\njQuery('a.smoothScroll').click(function() {\n    if (location.pathname.replace(\/^\\\/\/,'') == this.pathname.replace(\/^\\\/\/,'') \n        || location.hostname == this.hostname) {\n\n        var target = jQuery(this.hash);\n        target = target.length ? target : jQuery('[name=' + this.hash.slice(1) +']');\n           if (target.length) {\n             jQuery('html,body').animate({\n                 scrollTop: target.offset().top\n            }, 1000);\n            return false;\n        }\n    }\n});\njQuery( document ).ready(function() {\n    const dataTimeline = document.querySelector(\"body\");\n    \n      dataTimeline.setAttribute(\"data-spy\", \"scroll\");\n      dataTimeline.setAttribute(\"data-target\", \"#aw-vert-timeline-nav\");\n\t\n});\n<\/script>\n\n\n    <!-- TIPYY ASSETS-->\n<script src=\"https:\/\/arcticwolf.com\/wp-content\/aw-tippy-library-core-2023.min.js\"><\/script>\n<script src=\"https:\/\/arcticwolf.com\/wp-content\/aw-tippy-library-bundle-2023.min.js\"><\/script>\n\n<script>\ntippy('.data-tippy-attacker', { content: '<p><span class=\"aw-attack-active\">Active<\/span>Attacker<\/p>', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', arrow: true, trigger: 'mouseenter focus'});\n\t\ntippy('.data-tippy-platform', { content: '<p><span class=\"aw-attack-active\">Active<\/span>Arctic Wolf Aurora Platform<\/p>', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', arrow: true, trigger: 'mouseenter focus'});\n\t\ntippy('.data-tippy-customer', { content: '<p><span class=\"aw-attack-active\">Active<\/span>Arctic Wolf Customer<\/p>', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', arrow: true, trigger: 'mouseenter focus'});\n\t\ntippy('.data-tippy-triage', { content: '<p><span class=\"aw-attack-active\">Active<\/span>Arctic Wolf Triage Team<\/p>', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', arrow: true, trigger: 'mouseenter focus'});\n\t\ntippy('.data-tippy-cst', { content: '<p><span class=\"aw-attack-active\">Active<\/span>Arctic Wolf Concierge Security Team<\/p>', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', arrow: true, trigger: 'mouseenter focus'});\n\t\ntippy('.data-tippy-attacker_inactive', { content: '<p><span class=\"aw-attack-inactive\">Inactive<\/span>Attacker<\/p>', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', arrow: true, trigger: 'mouseenter focus'});\n\t\ntippy('.data-tippy-platform_inactive', { content: '<p><span class=\"aw-attack-inactive\">Inactive<\/span>Arctic Wolf Aurora Platform<\/p>', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', arrow: true, trigger: 'mouseenter focus'});\n\t\ntippy('.data-tippy-customer_inactive', { content: '<p><span class=\"aw-attack-inactive\">Inactive<\/span>Arctic Wolf Customer<\/p>', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', arrow: true, trigger: 'mouseenter focus'});\n\t\ntippy('.data-tippy-triage_inactive', { content: '<p><span class=\"aw-attack-inactive\">Inactive<\/span>Arctic Wolf Triage Team<\/p>', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', arrow: true, trigger: 'mouseenter focus'});\n\t\ntippy('.data-tippy-cst_inactive', { content: '<p><span class=\"aw-attack-inactive\">Inactive<\/span>Arctic Wolf Concierge Security Team<\/p>', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', arrow: true, trigger: 'mouseenter focus'});\n\n\n\n\n\n\n\n\/\/Interesting Points\ntippy('.data-tippy-interest-point-01', { content: 'Vulnerabilities include: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', followCursor: 'horizontal', arrow: true, trigger: 'mouseenter focus'});\n\ntippy('.data-tippy-interest-point-02', { content: 'PowerShell Empire is an incredibly powerful post-exploitation tool. It provides capabilities including privilege escalation, lateral movement, credential theft, and more.', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', followCursor: 'horizontal', arrow: true, trigger: 'mouseenter focus'});\n\t\ntippy('.data-tippy-interest-point-03', { content: 'Used to target enterprise environments, Ryuk ransomware typically encrypts files on an infected system and holds them ransom for cryptocurrency.', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', followCursor: 'horizontal', arrow: true, trigger: 'mouseenter focus'});\n\t\n\t\ntippy('.data-tippy-interest-point-04', { content: 'Used to target enterprise environments, Ryuk ransomware typically encrypts files on an infected system and holds them ransom for cryptocurrency.', interactive: true, allowHTML: true, placement: 'top', followCursor: 'horizontal', arrow: true, trigger: 'mouseenter focus'});\n\ntippy('.data-tippy-interest-point-05', { content: 'SVN.exe is TortoiseSVN, a subversion client that can be used to add, remove, or modify files in a directory.', interactive: true, allowHTML: true, placement: 'top', followCursor: 'horizontal', arrow: true, trigger: 'mouseenter focus'});\n\n\t\ntippy('.data-tippy-interest-point-06', { content: 'Arctic Wolf Customers can authorise Arctic Wolf to take containment actions on their behalf.', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', followCursor: 'horizontal', arrow: true, trigger: 'mouseenter focus'});\n\n\ntippy('.data-tippy-interest-point-08', { content: 'Even though an incident has been contained and remediation steps have been taken, that doesn\\'t mean the security journey stops there. From each incident, there are insights that can be applied to proactively harden your environment and mitigate the risk of future compromises.', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', followCursor: 'horizontal', arrow: true, trigger: 'mouseenter focus'});\n\ntippy('.data-tippy-interest-point-09', { content: 'With a complete understanding of your unique IT environment, the Arctic Wolf<sup>\u00ae<\/sup> <a href=\"https:\/\/arcticwolf.com\/how-it-works\/concierge-delivery-model\/\" target=\"_blank\">Concierge Security<sup>\u00ae<\/sup> Team (CST)<\/a> provides your team with coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', followCursor: 'horizontal', arrow: true, trigger: 'mouseenter focus'});\n\ntippy('.data-tippy-interest-point-10', { content: 'With the Arctic Wolf Agent, the Arctic Wolf Triage Team can take containment action on behalf of customers, reducing time to remediation.', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', followCursor: 'horizontal', arrow: true, trigger: 'mouseenter focus'});\n\n\n\n\n\n\n\t\n\t\ntippy('.data-tippy-redacted-customer', { content: 'Customer name has been redacted.', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', followCursor: 'horizontal', arrow: true, trigger: 'mouseenter focus'});\n\t\ntippy('.data-tippy-redacted-user', { content: 'User name has been redacted.', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', followCursor: 'horizontal', arrow: true, trigger: 'mouseenter focus'});\n\t\ntippy('.data-tippy-redacted-ip', { content: 'IP address has been redacted.', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', followCursor: 'horizontal', arrow: true, trigger: 'mouseenter focus'});\n\t\ntippy('.data-tippy-redacted-server', { content: 'Server information has been redacted.', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', followCursor: 'horizontal', arrow: true, trigger: 'mouseenter focus'});\n\ntippy('.data-tippy-redacted-admin', { content: 'Admin information has been redacted.', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', followCursor: 'horizontal', arrow: true, trigger: 'mouseenter focus'});\n\t\ntippy('.data-tippy-redacted-device', { content: 'Device information has been redacted.', animation: 'shift-away', interactive: true, allowHTML: true, placement: 'top', followCursor: 'horizontal', arrow: true, trigger: 'mouseenter focus'});\n\n\n\n\n\n\/\/smoothScroll\ndocument.querySelectorAll('.smoothScroll a').forEach(anchor => {\n    anchor.addEventListener('click', function (e) {\n        e.preventDefault();\n\n        document.querySelector(this.getAttribute('href')).scrollIntoView({\n            behavior: 'smooth'\n        });\n    });\n});\n\t\n\t\n\t\n\/\/Hide Timeline Nav at bottom of page\t\n\/\/ Select the elements\nconst timelineNav = document.querySelector('.aw-timeline-nav__wrapper');\nconst startElement = document.getElementById('aw-timeline-visibility-trigger');\nconst mobileToggleWrap = document.querySelector('.aw-mobile-nav-toggle-wrap')\n\n\/\/ Function to handle class toggling\nfunction handleIntersection(entries) {\n  entries.forEach(entry => {\n    if (entry.isIntersecting) {\n      \/\/ Add the class when #aw-timeline-visibility-trigger enters the viewport\n      timelineNav.classList.add('is-now-inactive');\n\t  mobileToggleWrap.classList.add('aw-mobile-nav-toggle-wrap-inactive');\n\t  document.body.classList.add('aw-timeline-nav-end');\n    } else if (entry.boundingClientRect.top > 0) {\n      \/\/ Remove the class when #aw-timeline-visibility-trigger leaves the viewport (scrolling up)\n      timelineNav.classList.remove('is-now-inactive');\n\t  mobileToggleWrap.classList.remove('aw-mobile-nav-toggle-wrap-inactive');\n\t  document.body.classList.remove('aw-timeline-nav-end');\n    }\n  });\n}\n\n\/\/ Create an IntersectionObserver\nconst observer = new IntersectionObserver(handleIntersection, {\n  root: null, \/\/ Use the viewport as the root\n  threshold: 0, \/\/ Trigger when any part of the element is visible\n});\n\n\/\/ Observe the #aw-timeline-visibility-trigger element\nobserver.observe(startElement);\n\t\n\t\n\n\njQuery(\".tgl-btn\").click(function(){\n  jQuery(\"body\").toggleClass(\"aw-timeline-nav-mobile-active\");\n});\n\n\n\n<\/script>\n\t\n\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Response Timeline Microsoft Exchange Vulnerability TIME From Detection to Escalation: 20 MINUTES In this real-world attack example, an Arctic Wolf customer in the construction industry experienced a vulnerability-based incident. The threat actor leveraged multiple Microsoft Exchange vulnerabilities for access, but Arctic Wolf helped this customer swiftly stop the incident and create a long-term fix for <a href=\"https:\/\/arcticwolf.com\/uk\/incident-response-timeline-microsoft-exchange-vulnerability\/\" class=\"more-link\">&#8230;<span class=\"screen-reader-text\">  Incident Response Timeline &#8211; Microsoft Exchange Vulnerability<\/span><\/a><\/p>\n","protected":false},"author":65,"featured_media":33485,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-33651","page","type-page","status-publish","has-post-thumbnail","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Incident Response Timeline - Microsoft Exchange Vulnerability - Arctic Wolf<\/title>\n<meta name=\"description\" content=\"Join us for our latest real-world attack example which will walk through an attack on a customer in the construction industry with the attacker leveraging the Microsoft Exchange vulnerabilities that were released in early 2021.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/arcticwolf.com\/uk\/incident-response-timeline-microsoft-exchange-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Incident Response Timeline - Microsoft Exchange Vulnerability - Arctic Wolf\" \/>\n<meta property=\"og:description\" content=\"Join us for our latest real-world attack example which will walk through an attack on a customer in the construction industry with the attacker leveraging the Microsoft Exchange vulnerabilities that were released in early 2021.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/arcticwolf.com\/uk\/incident-response-timeline-microsoft-exchange-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"Arctic Wolf\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ArcticWolfNetworks\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-12T19:29:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2021\/10\/AW-Incident-Response-MEV-OG-21001.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"627\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2021\/10\/AW-Incident-Response-MEV-OG-21001.jpg\" \/>\n<meta name=\"twitter:site\" content=\"@AWNetworks\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/incident-response-timeline-microsoft-exchange-vulnerability\\\/\",\"url\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/incident-response-timeline-microsoft-exchange-vulnerability\\\/\",\"name\":\"Incident Response Timeline - Microsoft Exchange Vulnerability - Arctic Wolf\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/incident-response-timeline-microsoft-exchange-vulnerability\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/incident-response-timeline-microsoft-exchange-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/arcticwolf.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/AW-Incident-Response-MEV-OG-21001.jpg\",\"datePublished\":\"2021-10-07T14:20:18+00:00\",\"dateModified\":\"2025-12-12T19:29:18+00:00\",\"description\":\"Join us for our latest real-world attack example which will walk through an attack on a customer in the construction industry with the attacker leveraging the Microsoft Exchange vulnerabilities that were released in early 2021.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/incident-response-timeline-microsoft-exchange-vulnerability\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/incident-response-timeline-microsoft-exchange-vulnerability\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/incident-response-timeline-microsoft-exchange-vulnerability\\\/#primaryimage\",\"url\":\"https:\\\/\\\/arcticwolf.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/AW-Incident-Response-MEV-OG-21001.jpg\",\"contentUrl\":\"https:\\\/\\\/arcticwolf.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/AW-Incident-Response-MEV-OG-21001.jpg\",\"width\":1200,\"height\":627},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/incident-response-timeline-microsoft-exchange-vulnerability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Incident Response Timeline &#8211; Microsoft Exchange Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/#website\",\"url\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/\",\"name\":\"Arctic Wolf\",\"description\":\"The Leaders in Security Operations\",\"publisher\":{\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/#organization\",\"name\":\"Arctic Wolf Networks\",\"alternateName\":\"Arctic Wolf\",\"url\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/arcticwolf.com\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/AW-Logo-Main-AuroraFY25.png\",\"contentUrl\":\"https:\\\/\\\/arcticwolf.com\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/AW-Logo-Main-AuroraFY25.png\",\"width\":655,\"height\":232,\"caption\":\"Arctic Wolf Networks\"},\"image\":{\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/ArcticWolfNetworks\",\"https:\\\/\\\/x.com\\\/AWNetworks\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/arcticwolf\",\"https:\\\/\\\/www.youtube.com\\\/ArcticWolfNetworks\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Incident Response Timeline - Microsoft Exchange Vulnerability - Arctic Wolf","description":"Join us for our latest real-world attack example which will walk through an attack on a customer in the construction industry with the attacker leveraging the Microsoft Exchange vulnerabilities that were released in early 2021.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/arcticwolf.com\/uk\/incident-response-timeline-microsoft-exchange-vulnerability\/","og_locale":"en_GB","og_type":"article","og_title":"Incident Response Timeline - Microsoft Exchange Vulnerability - Arctic Wolf","og_description":"Join us for our latest real-world attack example which will walk through an attack on a customer in the construction industry with the attacker leveraging the Microsoft Exchange vulnerabilities that were released in early 2021.","og_url":"https:\/\/arcticwolf.com\/uk\/incident-response-timeline-microsoft-exchange-vulnerability\/","og_site_name":"Arctic Wolf","article_publisher":"https:\/\/www.facebook.com\/ArcticWolfNetworks","article_modified_time":"2025-12-12T19:29:18+00:00","og_image":[{"width":1200,"height":627,"url":"https:\/\/arcticwolf.com\/wp-content\/uploads\/2021\/10\/AW-Incident-Response-MEV-OG-21001.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_image":"https:\/\/arcticwolf.com\/wp-content\/uploads\/2021\/10\/AW-Incident-Response-MEV-OG-21001.jpg","twitter_site":"@AWNetworks","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/arcticwolf.com\/uk\/incident-response-timeline-microsoft-exchange-vulnerability\/","url":"https:\/\/arcticwolf.com\/uk\/incident-response-timeline-microsoft-exchange-vulnerability\/","name":"Incident Response Timeline - Microsoft Exchange Vulnerability - Arctic Wolf","isPartOf":{"@id":"https:\/\/arcticwolf.com\/uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/arcticwolf.com\/uk\/incident-response-timeline-microsoft-exchange-vulnerability\/#primaryimage"},"image":{"@id":"https:\/\/arcticwolf.com\/uk\/incident-response-timeline-microsoft-exchange-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/arcticwolf.com\/wp-content\/uploads\/2021\/10\/AW-Incident-Response-MEV-OG-21001.jpg","datePublished":"2021-10-07T14:20:18+00:00","dateModified":"2025-12-12T19:29:18+00:00","description":"Join us for our latest real-world attack example which will walk through an attack on a customer in the construction industry with the attacker leveraging the Microsoft Exchange vulnerabilities that were released in early 2021.","breadcrumb":{"@id":"https:\/\/arcticwolf.com\/uk\/incident-response-timeline-microsoft-exchange-vulnerability\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/arcticwolf.com\/uk\/incident-response-timeline-microsoft-exchange-vulnerability\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/arcticwolf.com\/uk\/incident-response-timeline-microsoft-exchange-vulnerability\/#primaryimage","url":"https:\/\/arcticwolf.com\/wp-content\/uploads\/2021\/10\/AW-Incident-Response-MEV-OG-21001.jpg","contentUrl":"https:\/\/arcticwolf.com\/wp-content\/uploads\/2021\/10\/AW-Incident-Response-MEV-OG-21001.jpg","width":1200,"height":627},{"@type":"BreadcrumbList","@id":"https:\/\/arcticwolf.com\/uk\/incident-response-timeline-microsoft-exchange-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/arcticwolf.com\/uk\/"},{"@type":"ListItem","position":2,"name":"Incident Response Timeline &#8211; Microsoft Exchange Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/arcticwolf.com\/uk\/#website","url":"https:\/\/arcticwolf.com\/uk\/","name":"Arctic Wolf","description":"The Leaders in Security Operations","publisher":{"@id":"https:\/\/arcticwolf.com\/uk\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/arcticwolf.com\/uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/arcticwolf.com\/uk\/#organization","name":"Arctic Wolf Networks","alternateName":"Arctic Wolf","url":"https:\/\/arcticwolf.com\/uk\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/arcticwolf.com\/uk\/#\/schema\/logo\/image\/","url":"https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/01\/AW-Logo-Main-AuroraFY25.png","contentUrl":"https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/01\/AW-Logo-Main-AuroraFY25.png","width":655,"height":232,"caption":"Arctic Wolf Networks"},"image":{"@id":"https:\/\/arcticwolf.com\/uk\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ArcticWolfNetworks","https:\/\/x.com\/AWNetworks","https:\/\/www.linkedin.com\/company\/arcticwolf","https:\/\/www.youtube.com\/ArcticWolfNetworks"]}]}},"_links":{"self":[{"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/pages\/33651","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/comments?post=33651"}],"version-history":[{"count":0,"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/pages\/33651\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/media\/33485"}],"wp:attachment":[{"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/media?parent=33651"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}