The U.S. Treasury Department announced a serious breach that began in July and the full depth is still unknown. Microsoft told the Treasury that dozens of email accounts were compromised within the Treasury’s Departmental Offices Unit, which contains the highest-ranking officials. Although this is commonly being discussed with the SolarWinds cyber-attack, this is likely a separate attack and was likely caused through a phishing campaign which provided credentials and allowed the cyber criminals access to mailboxes.
This is why it’s critical to monitor e-mail forwarding rules and establish MFA on your systems, it is not known what if any security measures were in place when this attack occurred.
