SANS Institute

The SANS cybersecurity training organization suffered a security breach.

It happened after one of their employees fell victim to a phishing attack that allowed a threat actor to gain access to their email account.

The SANS Institute is one of the largest organizations that offer information security training and security certification to users worldwide.

This compromise was discovered on August 6th.

The threat actor first compromised a single employee's email account, then configured a rule that forwarded all emails received in this account to an unknown external email address, and installed a malicious Office 365 add-on.

An Office 365 OAuth app was used to gain persistence in the email account.

The forwarding rule sent a total of 513 emails, some of which contained, in total, approximately 28,000 records of personally identifiable information (PII) for SANS members.

This information includes email addresses, full names, phone numbers, work titles, company names, and physical addresses.

Source: https://www.bleepingcomputer.com/news/security/sans-infosec-training-org-suffers-data-breach-after-phishing-attack/

"id": "SAN22923123",
"linkid": "sans-institute",
"type": "Breach",
"date": "08/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"