RadiumFox Logo
RADIUMFOXSecurity

Select Case File (DRAG TO EXPLORE)

June 27, 2017

NotPetya

The Most Destructive Cyberattack in History

View Analysis
May 12, 2017

WannaCry

The NHS Crippler

View Analysis
Dec 2020 (Discovered)

SolarWinds

The Sunburst Backdoor

View Analysis
May 7, 2021

Colonial Pipeline

DarkSide Ransomware

View Analysis
Sept 7, 2017

Equifax

The Apache Struts Breach

View Analysis
Sept 11, 2023

MGM Resorts

Social Engineering Masterclass

View Analysis
Dec 2013

Target

The HVAC Vendor Breach

View Analysis
2010 (Discovered)

Stuxnet

The First Cyber Weapon

View Analysis
Nov 24, 2014

Sony Pictures

The Guardians of Peace

View Analysis
Nov 2018 (Discovered)

Marriott (Starwood)

The 4-Year Breach

View Analysis

The Kill Chain

A chronological reconstruction of the attack vectors used to compromise the target.

Impact Assessment

Financial LossEspionage (Not Ransomware)
Operational Impact18,000 Organizations Compromised
Day -90

Code Injection

Attackers inject 'Sunburst' malware into the build pipeline of SolarWinds Orion software.

Day 0

Update Distributed

Trojanized update is signed by a valid certificate and downloaded by 18,000 customers.

Day 14

Dormancy Ends

Malware wakes up and begins beaconing to C2 servers using steganography in DNS traffic.

Day 60

Hands-on-Keyboard

Attackers move laterally to AD FS servers to forge SAML tokens (Golden SAML).

Evidence Board

CONFIDENTIAL // EYES ONLY

RANSOM_NOTE.TXT

N/A (State Sponsored Espionage)

WALLET ADDRESS

N/A

SHA-256 HASH

32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77

EXPLOITED VULNERABILITIES

Supply ChainGolden SAML
Retrospective Analysis

How We Would Have Stopped It

Mapping the specific security failures to RadiumFox's preventative services.

The Failure

Compromised Build Pipeline

The Solution

Implement code signing integrity checks and monitor build environments for anomalies.

Explore DevSecOps Implementation

The Failure

Golden SAML Attack

The Solution

Protect AD FS signing keys in an HSM and monitor for unusual SAML token usage.

Explore Cloud Security Assessment

The Failure

Egress Traffic Ignored

The Solution

Monitor DNS logs for low-and-slow beaconing patterns.

Explore Threat Hunting

Join Us. Cut Costs.
Focus on What Matters.

Unlock high-impact penetration testing that drives real security gains. Led by experts, tailored for results, and designed to stay budget-friendly.

1

Submit Info

Share your environment, scope, or compliance needs via our quick form.

2

Senior Review

A lead RadiumFox engineer reviews and tailors your assessment—no junior handoffs.

3

Optional Scoping Call

We'll clarify priorities and technical details if needed.

4

Clear Quote

Expect a fixed-cost proposal—no hidden fees or fluff.

5

Fast Kickoff

Once approved, most projects launch within 5–7 business days with full support.