Brangus ITBrangus IT
Financial Services

Uncovering a critical wire-transfer fraud path before attackers could

A multi-week red team engagement revealed a domain-compromise path that could have enabled fraudulent wire transfers, prompting an emergency architecture change before go-live of a new digital banking platform.

A regional retail bank ($8B AUM)Red Team Operations

The Problem

Ahead of launching a new digital banking platform, the bank's board wanted independent validation that a real attacker could not reach the wire-transfer approval workflow, despite passing internal audits.

Our Assessment

Brangus IT was engaged for a 4-week objective-based red team exercise with the goal of reaching the wire-transfer approval system without detection by the bank's SOC.

The Solution

Our team gained initial access through a spear-phishing campaign targeting the treasury operations team, then pivoted through a misconfigured file share to obtain domain administrator credentials — undetected for 11 days.

Implementation

We worked directly with the bank's SOC and identity team to implement conditional access policies, tier-0 credential isolation, and detection rules for the specific lateral movement techniques used during the engagement.

Results

  • Full compromise path documented from initial phish to wire-transfer system access
  • 12 new SIEM detection rules deployed within 3 weeks of the debrief
  • Tier-0 credential isolation implemented prior to platform launch
  • Zero detection gaps remained in a validation retest 60 days later

Business Impact

The bank avoided a potentially catastrophic wire-fraud exposure ahead of a high-visibility platform launch, and used the engagement narrative to secure board approval for an expanded identity security budget.

Engagement Results

6 days

Time to domain compromise

11

Days undetected

12

Detection rules deployed post-engagement

Facing a similar challenge?

Let's talk about what a comparable engagement would look like for your environment.