SANS Institute Says Multiple Employees Targeted in Recent Attack
The SANS Institute says the recently disclosed security incident involved phishing emails being sent to several of its employees.
Following the initial disclosure of the security incident, SANS published indicators of compromise associated with it, revealing that, on July 24, the attackers sent a phishing email to multiple employees, although only one of them fell for the trick.
"The O365 add-in caused a forwarding rule to be configured on the victim's account, which resulted in 513 emails being forwarded to an unknown external email address," SANS explains.
"Based on the users who received the phishing email and the data the attacker was interested in acquiring via the malicious email forwarding rule, there is no indication that this directly targeted the SANS organization or its customers. The attack appears to have been opportunistic with financial theft the intent," SANS says.
"Even though SANS was not legally required to report the incident, SANS nonetheless notified its affected customers in the interests of full transparency, as a matter of good practice, and to ensure that our affected customers had relevant information at hand," the company notes.
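A defender's check for the kind of forwarding rule described above, as an added example that is not from SANS or the original article: it scans audit records for rule or mailbox changes that forward mail outside the organization. The sample records are constructed and simplified, the internal domain `example.org` is an assumption, and the check goes beyond the article by also covering mailbox-level forwarding set with `Set-Mailbox`.

```python
import json

# Constructed sample records (not from the SANS incident), simplified to the
# Operation / UserId / Parameters shape of Exchange Online audit entries.
SAMPLE_LOG = """\
{"Operation": "New-InboxRule", "UserId": "alice@example.org", "Parameters": [{"Name": "Name", "Value": "."}, {"Name": "ForwardTo", "Value": "drop@mail.example.net"}]}
{"Operation": "New-InboxRule", "UserId": "bob@example.org", "Parameters": [{"Name": "MoveToFolder", "Value": "Newsletters"}]}
{"Operation": "Set-InboxRule", "UserId": "carol@example.org", "Parameters": [{"Name": "RedirectTo", "Value": "team@example.org"}]}
{"Operation": "Set-Mailbox", "UserId": "dave@example.org", "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:dave.backup@example.com"}]}
{"Operation": "MailItemsAccessed", "UserId": "alice@example.org"}
"""

INTERNAL_DOMAINS = {"example.org"}  # assumption: the tenant's accepted domains
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress"}


def external_addresses(value, internal_domains):
    """Return the addresses in a parameter value whose domain is not internal."""
    found = []
    for part in value.replace(",", ";").split(";"):
        addr = part.strip().lower()
        if addr.startswith("smtp:"):
            addr = addr[len("smtp:"):]
        if "@" in addr and addr.rsplit("@", 1)[1] not in internal_domains:
            found.append(addr)
    return found


def find_external_forwarding(log_text, internal_domains=INTERNAL_DOMAINS):
    """Return (user, operation, parameter, address) for each external forward."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        if record.get("Operation") not in RULE_OPERATIONS:
            continue
        for param in record.get("Parameters", []):
            if param.get("Name") in FORWARD_PARAMS:
                for addr in external_addresses(param.get("Value", ""), internal_domains):
                    findings.append((record.get("UserId"), record["Operation"], param["Name"], addr))
    return findings


if __name__ == "__main__":
    for finding in find_external_forwarding(SAMPLE_LOG):
        print("external forwarding:", *finding)
```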