On November 25th, 2019, a ?spear phishing? email was sent to some of the Organization?s email addresses. One employee clicked on an attachment that installed a rule in the Employee’s Outlook account. As a result, the attacker collected a copy of certain emails addressed to the employee between November 25-December 31, 2019. The attacker also created a similar but fake email address for the employee and contacted some of the Organization?s clients while impersonating the employee and attempting to redirect premium payments via wire transfer to an offshore bank account. The cyberattack was discovered On January 2, 2020, and the Organization identified the source and immediately closed it. The Organization confirmed that the attacker did not gain access to any systems or user accounts. A total of 264 emails were leaked. The attacker still holds the breached information.
P2020-ND-081
File Type:
pdf
File Size:
618 KB
Categories:
2020