It all started with a phishing email sent to several employees
According to a report released on Tuesday by security firm Mandiant – the one put in charge of handling the South Carolina Department of Revenue (SC DOR) data breach – the attackers compromised a total of 44 systems by utilizing at least 33 unique pieces of malicious software.
It turns out that on August 13, the cybercriminals sent phishing emails to a number of DOR employees. At least one of them clicked on the link contained in the notification, unleashing a piece of malware capable of harvesting usernames and passwords.
From then on, the attackers obtained more and more passwords and gained unauthorized access to several servers.
Until October 19, when the DOR started executing remediation activities, the cybercriminals were free to install backdoors, steal database backups and files, and perform other malicious tasks.
A total of 74.7 gigabytes of data was stolen by the attackers.
Mandiant is currently working with the DOR on the implementation of long-term recommendations that will protect the organization against future security breaches.