23 Expert Guides

Breach Analysis: What Actually Happened and How to Stop It

23 in-depth analyses of real breaches, ransomware, zero-days, and APT campaigns

Real incidents teach more than theoretical frameworks. This library analyses 23 real breaches — ransomware attacks on the NHS, supply-chain compromises, zero-days exploited in the wild, and APT campaigns. Each analysis reconnects the attack to specific controls that would have closed the gap, whether Cyber Essentials baseline, CE Plus technical audit, or advanced monitoring.

All Guides in This Library

Log4Shell: The Logging Library That Could Execute Arbitrary CodeHow a feature in Apache Log4j became CVE-2021-44228, scored CVSS 10.0, and exposed the fact that most organisations had no idea what software they wer
MuddyWater: How Iran's Intelligence Service Keeps Rebuilding Its Attack InfrastructureThe evolution of MuddyWater's command and control frameworks from Python to Go, how MOIS-linked operators target telecoms and government, and what eac
Southern Water and Black Basta: How 750 GB of Personal Data Left a UK UtilityBlack Basta stole 750 GB from Southern Water in January 2024, including National Insurance numbers and passport scans. Here is what happened, what it
The 3CX Supply Chain Attack: How North Korea Turned One Employee's Download Into 600,000 Compromised InstallationsIn March 2023, the Lazarus Group compromised the 3CX desktop application through a cascading supply chain attack that began with a trojanised trading
The Change Healthcare Attack: How Stolen Credentials and a Missing MFA Config Exposed 190 Million Patient RecordsIn February 2024, the ALPHV/BlackCat ransomware group used stolen credentials to access a Change Healthcare Citrix portal that lacked multi-factor aut
The Colonial Pipeline Attack: How a Single VPN Password Shut Down 5,500 Miles of Fuel SupplyIn May 2021, a compromised VPN credential with no multi-factor authentication gave DarkSide ransomware operators access to Colonial Pipeline's IT netw
The County Mayo Water Hack: How a Default Password Took 180 Homes OfflineIn December 2023, an IRGC-affiliated group called CyberAv3ngers compromised a Unitronics PLC controlling a water supply in rural Ireland. The default
The CrowdStrike Outage: What Actually Happened Inside 8.5 Million MachinesA technical breakdown of the July 2024 CrowdStrike outage. How a configuration file triggered a kernel-level crash, why recovery took 10 days, and wha
The Exchange ProxyLogon Attack: How Four Zero-Days Gave HAFNIUM Access to 250,000 ServersIn March 2021, the HAFNIUM threat group exploited four zero-day vulnerabilities in Microsoft Exchange Server to compromise over 250,000 servers worldw
The HSE Ireland Ransomware Attack: Eight Weeks of Missed SignalsHow Conti ransomware encrypted 80% of Ireland's health service IT estate after eight weeks of undetected lateral movement, and what the PwC post-incid
The Ivanti VPN Zero-Day: How a Buffer Overflow in a VPN Appliance Breached the UK's Domain RegistryIn December 2024, a suspected Chinese state-sponsored group exploited CVE-2025-0282, a critical stack-based buffer overflow in Ivanti Connect Secure,
The JLR Cyber Attack: How a Single Breach Contracted UK GDPInside the Jaguar Land Rover cyber incident that shut down production for five weeks, cost GBP 1.9 billion, and triggered the UK's first cyber-related
The Kaseya VSA Attack: How REvil Turned One Vulnerability into 1,500 Ransomware InfectionsA technical breakdown of the July 2021 Kaseya VSA supply chain attack. How REvil exploited an authentication bypass in managed service provider softwa
The MOD Payroll Breach: How a Government Contractor Exposed 272,000 Military Personnel RecordsIn May 2024, a breach of the UK Armed Forces payroll system exposed names, bank details, and home addresses of up to 272,000 serving personnel, reserv
The MOVEit Breach: How SQL Injection Gave Cl0p Access to 2,773 Organisations Without Deploying RansomwareIn May 2023, the Cl0p ransomware group exploited a SQL injection vulnerability in Progress Software's MOVEit Transfer to steal data from 2,773 organis
The NotPetya Attack: How a Tax Software Update Destroyed $10 Billion in 90 MinutesNotPetya was a wiper disguised as ransomware, deployed through a supply chain compromise of Ukrainian tax software MeDoc. It combined EternalBlue, cre
The Okta Breach: How Teenagers With Commodity Tools Compromised an Identity Provider Serving ThousandsIn January 2022, the Lapsus$ group compromised a third-party support contractor to access Okta's internal systems. The breach exposed the architectura
The Snowflake Customer Breaches: How Stolen Passwords From 2020 Gave Two Hackers Access to 165 OrganisationsIn May 2024, a financially motivated threat group called UNC5537 used credentials stolen by infostealer malware to access Snowflake customer instances
The SolarWinds SUNBURST Attack: How Clean Source Code Produced a BackdoorHow Russian intelligence poisoned SolarWinds' build system to inject a backdoor into 18,000 organisations while the source code remained untouched, an
The Stryker Attack: When Your Own Device Management Becomes the WeaponHow Iranian-linked hackers weaponised Stryker's Microsoft Intune to wipe devices globally, disrupting medical device manufacturing across 79 countries
The Synnovis Ransomware Attack: How One Pathology Provider Took Down Six NHS TrustsOn 3 June 2024, Qilin ransomware hit Synnovis, a private pathology provider. Within hours, blood testing collapsed across south-east London. 10,152 ap
The TfL Cyberattack: How Scattered Spider Stole 7 Million Customer Records Without Disrupting a Single TrainIn September 2024, a cyberattack on Transport for London exposed the data of up to 10 million people, cost over GBP 30 million to remediate, and force
The WannaCry Ransomware Attack: How a Kill Switch Stopped a Global WormHow WannaCry infected more than 200,000 computers in 150 countries, disrupted 81 NHS trusts, and was stopped by a researcher who registered a domain n

Ready to Get Started?

Skip the research and talk to an expert. Our lead assessor has worked with 800+ UK organisations.