P2019-ND-160

In early February 2019, an employee?s email account was compromised as a result of a phishing email. On March 1, 2019, the Organization?s external IT service provider emailed administration credentials to the employee that were then used by the unauthorized user on March 5, 2019 to delegate the inboxes of six (6) additional staff to the employee. The employee identified the issue and reported it to the Organization?s IT personnel. The inbox delegations were removed and all passwords reset. The Organization?s investigated and found that 35 documents were viewed by the unauthorized party. The investigation also found there was no indication of persistent compromise and it is not believed that the attack resulted in the installation of malware. The forensics analysis was not able to confirm or rule out access to or exfiltration of information in emails but due to the pattern of the attack, the likelihood was deemed to be low.

File Type: pdf
File Size: 629 KB
Categories: 2019