Re: Email based attack on University



On 2019-10-02, Torben Schou Jensen <tsj@swampthing.dk> wrote:
> Interesting story.
>
> I am missing technical details.
> I do not understand how preview of e-mail can result in hackers stealing
> userid and password, what kind of mail program was used?
>

Yeah, it's better to go directly to the publicly available incident report:

https://imagedepot.anu.edu.au/scapa/Website/SCAPA190209_Public_report_web_2.pdf

But the email program used by Client 0 is unspecified.

The original spearphishing email (which is assumed to have contained
some sort of self-executable code) was deleted (too late!) and proved
unrecoverable.

Subsequent spearphishing emails, however, used Word attachments as a
vector (Appendix A, B, and C of the report). I also note a zip file
attachment in the Appendix.

-- 
"There are no foreign lands. It is the traveler only who is foreign."
-- Robert Louis Stevenson

