Security researchers have located an infected email suspected to be the culprit of the RSA SecurID hack in March.
In March, unknown attackers tricked EMC staff with a legitimate-looking hiring message that contained a “backdoor,” allowing the culprits to invisibly lurk inside the company’s computer systems until they found the SecurID network login information.
Allegedly, the hacker could not successfully break into the desired databases without access to the RSA-provided SecurID information.
The email, found by F-Secure’s Timo Hirvonen, was titled ‘2011 Recruitment plan’ and contained one line of content: ‘I forward this file to you for review. Please open and view it’. Attached was an Excel spreadsheet.
F-Secure is showcasing the original infected email on their website, as well as a YouTube video that takes viewers through the EMC employee’s accidental steps that led to the March exploit.