Re: Email based attack on University
On 2019-10-02, Torben Schou Jensen <tsj@swampthing.dk> wrote:
> Interesting story.
>
> I am missing technical details.
> I do not understand how preview of e-mail can result in hackers stealing
> userid and password, what kind of mail program was used?
>
Yeah, it's better to go directly to the publicly available incident report:

https://imagedepot.anu.edu.au/scapa/Website/SCAPA190209_Public_report_web_2.pdf

But the email program used by Client 0 is unspecified.

The original spearphishing email (which is assumed to have contained
some sort of self-executable code) was deleted (too late!) and proved
unrecoverable.

Subsequent spearphishing emails, however, used Word attachments as a
vector (Appendix A, B, and C of the report). I also note a zip file
attachment in the Appendix.

--
"There are no foreign lands. It is the traveler only who is foreign."
-- Robert Louis Stevenson