Telecommunications

Hunting a quiet intruder in the network core

A hypothesis-driven hunt across the operator's telemetry uncovered dormant persistence that automated monitoring had stepped over for months.

The Challenge

What was at stake

The operator's monitoring was alert-driven and tuned to known signatures. Leadership suspected, but could not confirm, that a sophisticated adversary could be operating quietly inside an environment of this scale and complexity.

Our Approach

How we ran it

Formed hunting hypotheses from adversary tradecraft relevant to telecom infrastructure
Hunted across endpoint, identity, and management-plane telemetry for behavioral signals
Confirmed and fully scoped dormant persistence on management-plane hosts
Converted the findings into durable detections and handed off to containment

Outcomes

What changed

Measured against the engagement objectives and verified at re-test.

dormant intrusion confirmed and scoped

new detections operationalized

100%

of affected hosts identified before spread

Illustrative example

Our tooling had been clean for months. The hunt found what it was never built to catch, and now those detections run automatically.

Head of Cyber DefenseTelecom Operator

Services

Engagements in this work

Threat Hunting

Proactively uncover hidden threats.

Red Teaming

Simulate real adversaries to test resilience.

All case studies

Get started

Before attackers find it.We will.

Book a security assessment and see your organization the way an adversary does.

Book Security Assessment Explore services

Confidential by default
NDA on request
Findings you can act on