On 2019-10-02, Torben Schou Jensen <t...@swampthing.dk> wrote: > Interesting story. > > I am missing technical details. > I do not understand how preview of e-mail can result in hackers stealing > userid and password, what kind of mail program was used? >
Yeah, it's better to go directly to the publicly available incident report: https://imagedepot.anu.edu.au/scapa/Website/SCAPA190209_Public_report_web_2.pdf But the email program used by Client 0 is unspecified. The original spearphishing email (which is assumed to have contained some sort of self-executable code) was deleted (too late!) and proved unrecoverable. Subsequent spearphishing emails, however, used Word attachments as a vector (Appendix A, B, and C of the report). I also note a zip file attachment in the Appendix. -- "There are no foreign lands. It is the traveler only who is foreign." -- Robert Louis Stevenson
