inksec

Has successfully completed 🎉

Code Blue - APT29 Lab

On February 10, 2026, the Security Operations Center (SOC) at Meridian Health, a mid-sized healthcare organization managing outpatient clinics, diagnostic centers, and a small research division, received multiple security alerts indicating suspicious authentication activity. Meridian Health recently modernized their IT infrastructure, migrating critical workloads to Microsoft Azure and adopting cloud-based collaboration tools including Microsoft 365 and Miro for their clinical research teams. As part of their digital transformation, they implemented federated authentication using SAML for single sign-on across their SaaS applications. The incident began when the SOC detected multiple failed authentication attempts against a user account, followed by a successful login from...
