Collaboration with Breizh Cyber
At Defants, Brittany is more than just a region; it’s our home. We take pride in our roots and are grateful for the invaluable support we’ve received from the Regional Council to become what we are today. Therefore, when a Breton company faces a cybersecurity threat, our mission is clear: protect our community and contribute to making this home a benchmark in cybersecurity.
Recently, we had the opportunity to collaborate with Breizh Cyber, the region’s CSIRT (Computer Security Incident Response Team), to respond to a major incident. Here is the story of our intervention and how we joined forces to defend Brittany.
The start of the incident
On January 24, the CSIRT Bretagne contacted us after discovering that sensitive files from a key housing solutions company were for sale on the darknet. Facing this threat, we knew that every minute counted.
Preliminary analysis
Immediately, we began processing the log files provided by the company’s managed service provider. Initial analyses, conducted within a business day, revealed anomalies linked to compromises detected by the ESET antivirus. While awaiting a KAPE (Kroll Artifact Parser and Extractor) collection for more in-depth analysis, we continued our investigation. On January 31, once we received the KAPE collection, we integrated the new data and completed our report. Two days later, on February 2, we held a meeting with Breizh Cyber to share the results of our log and KAPE analyses.
Crucial discoveries
Our combined analysis revealed traces of a LockBit ransomware attack. This result was a cornerstone of our investigation, proving that valuable information could be extracted even from backup logs. In collaboration with Breizh Cyber, we developed a new microservice to analyze ESET logs, thereby improving the readability and efficiency of our analysis. A major technical challenge, having to analyze backup logs instead of compromised servers, was overcome thanks to our expertise and determination.
A successful collaboration
On February 5, we submitted our final report to Breizh Cyber. Their feedback was extremely positive, highlighting the effectiveness and speed of our intervention. The company involved, although not providing direct feedback, benefited from our quick and decisive action.
Strengthening regional capabilities
Following this intervention, we had the opportunity to launch an initial training session on the Defants AIR solution with Valentin Chuzel, an analyst at Breizh Cyber, and a second one, Lead Tech, with Guillaume Chéreau, the head of the same company. These training sessions have strengthened incident response capabilities within our Breton home, proving once again the importance of regional collaboration.
Conclusion
This intervention is not only a victory against a cybersecurity threat but also proof of our commitment to protect and strengthen Brittany. At Defants, we are determined to make our region a reference in cybersecurity by uniting our forces with partners like Breizh Cyber. Together, we will continue to defend our territory and make Brittany shine on the global cybersecurity stage.