cyber Ransomware

SANS Institute

May 11, 2023 1 min read
SANS Institute

The SANS cybersecurity training organization suffered a security breach.

It happened after one of their employees fell victim to a phishing attack that allowed a threat actor to gain access to their email account.

The SANS Institute is one of the largest organizations that offer information security training and security certification to users worldwide.

This compromise was discovered on August 6th.

The threat actor first impacted a single employee's email account and then proceeded to configure a rule that forwarded all emails received in this account to an unknown external email address and installed a malicious Office 365 add-on.

An Office 365 Oauth app was used to gain persistence to the email account.

This configured rule forwarded a total of 513 emails, with some containing a total of approximately 28,000 records of personal information (PII) for SANS members.

This information does include email addresses, full names, phone numbers, work titles, company names, and physical addresses.

Source: https://www.bleepingcomputer.com/news/security/sans-infosec-training-org-suffers-data-breach-after-phishing-attack/

"id": "SAN22923123",
"linkid": "sans-institute",
"type": "Breach",
"date": "08/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
Published by
Anjali
Anjali

Join the conversation

You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.