"We have identified a single phishing e-mail as the vector of the attack. As a result of the e-mail, a single employee's email account was impacted. Aside from the affected user,
we currently believe that no other accounts or systems at SANS were compromised," states the SANS data incident notification. The threat actor then proceeded to configure a rule that forwarded all email received in this account to an "unknown external email
address" and installed a malicious Office 365 add-on.
Learn more >