Digital Forensics Dispatch

SANS Institute Phishing Attack Compromises 28,000 Records

August 13, 2020

Phil Muncaster from Infosecurity Magazine reports that on August 6, the SANS Institute discovered that hundreds of emails from an internal account were forwarded to an unknown third party. SANS has stated that a regular review of email configuration settings revealed a forwarding rule that was flagged as suspicious. The emails that were forwarded contained information such as first and last names, work titles, company name, industry, address and more.

Muncaster writes “SANS Institutes confirmed to Infosecurity that the exposed data belonged to individuals that had registered for one of its virtual summits and ‘was intended for community outreach purposes.’” The investigation into the forwarding revealed that there were a total of 513 emails forwarded to the unknown email address and that a malicious Office 365 add-on was installed on the victim’s machine as part of the attack. The attack vector was a single phishing email that infected the victim’s machine allowing for the setup of the forwarding. SANS has since secured the account to prevent any other release of information. The SANS digital forensics team is looking into the attack to determine if any other information was compromised due to the breach. SANS has posted information on their website about the incident, and has stated that passwords and financial information were not disclosed in the incident.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics