Ficsit Inc. — Pioneer Division
Incident Response Reports
Formal post-incident documentation for security events affecting Ficsit Inc. Pioneer Division. Each report covers the full attack chain, forensic evidence, containment actions, and recommendations.
Active & Significant Incidents
INV-2024-0087 · CASE-2024-0267 · Critical · Active — Contain
Operation IRON CHIMNEY — Ransomware & Double Extortion
AiTM phishing campaign delivering IRONLOCK v2.1 ransomware to Ficsit Pioneer Division R&D infrastructure. 847 research files encrypted. 547 MB exfiltrated. Concurrent MFA fatigue attack on executive account m.blake used to enumerate internal network topology prior to payload deployment.
ransomware aitm-phishing double-extortion mfa-fatigue data-exfiltration iron-chimney
847 files encrypted
547 MB exfiltrated
3 SOAR playbooks triggered
TA-001 — Eastern Europe
May 27, 2026
BEC-001 · CASE-2024-0218 · Critical · Blocked
BEC-001 — CEO Wire Fraud Impersonation
Business email compromise targeting CFO j.whitfield. Attacker impersonated CEO Marcus Reynolds using a Gmail display-name spoof requesting an urgent $47,500 wire transfer to a fraudulent account. Detected and blocked by Foyl MailGuard. BEC confidence score 97%.
bec ceo-fraud wire-fraud social-engineering
$47,500 wire attempt
Zero financial loss
TA-002 — COBALT MANTIS
May 27, 2026
VF-001 · THREAT-003 · High · Quarantined
VF-001 — Vendor Fraud Homoglyph Domain Attack
Lookalike domain attack using acme-industr1al.com (digit "1" substituted for letter "l") impersonating legitimate vendor Acme Industrial Supplies. Fraudulent invoice for $23,847 directed AP to an alternate bank account. Detected by domain-age heuristics and SPF/DKIM failure chain.
vendor-fraud homoglyph invoice-redirect lookalike-domain
$23,847 invoice fraud
Intercepted — no payment
TA-002 — COBALT MANTIS
May 27, 2026
About These Reports

These reports are formal incident response documentation generated from data across Ficsit Inc.'s full security toolstack — SIEM, EDR, Foyl MailGuard, Identity Protection, NGFW, TIP, SOAR, and Queue. All data is fictional and scoped to the foyl Scenarios training environment.