Stories from the SOC: When threats come from inside the house
ID: 32854410-8135-58cd-a31b-cc552c65d4e8
STIX ID: report--32854410-8135-58cd-a31b-cc552c65d4e8
Feed Name: Expel Blog
Expel MDR detected and stopped an internal phishing incident in which an attacker used a compromised employee email to distribute a malicious link that downloaded an attacker-controlled remote management tool to five users; the SOC contained the affected accounts and hosts, blocked related domains/IPs, and recommended conditional access and application control to prevent recurrence.
