Documeted by: Chukwuemeka Peter Eze

OBJECTIVE

The purpose of this report is to analyze and document the recent breach incident at DigitalWitch Cyber Solutions following their migration of IT infrastructure to the cloud. This report aims to:

This project showcases my ability to assess threats, reduce vulnerabilities, and secure cloud infrastructure under pressure.

OVERVIEW

In today’s evolving cyber landscape, cloud environments present both opportunities and challenges. While cloud adoption accelerates business agility, it also introduces new risks such as misconfigurations, weak identity management, and lack of continuous monitoring.

In this simulation, I stepped into the role of a Cloud Security Analyst at DigitalWitch Cyber Solutions Ltd, shortly after the company migrated 80% of its infrastructure to AWS. Within weeks, multiple departments reported access issues, suspicious traffic, and a ransomware outbreak. signaling a likely breach. Early investigations point to misconfigured cloud services that can open attack vectors which could be exploited by a sophisticated threat actor, APT41.

This project captures my full investigation and response, from identifying key risks and misconfigurations to applying cloud security best practices like IAM tightening and firewall rule audits. It reflects a real-world scenario where quick thinking, strategic analysis, and cloud expertise come together to defend against advanced persistent threats (APT41).

This report is structured into several subpages for clarity:

  1. Common Cloud Misconfigurations – Highlighting typical cloud weaknesses that may have contributed to the breach.

📄 COMMON CLOUD MISCONFIGURATION (1)

  1. Threat Actor Profile: APT41 – Analyzing the capabilities, motivations, and tactics of the suspected attacker.