Roadmap Technologies, LLC
LARGE UNIVERSITY 365 ADMIN BREACH DISCOVERED

published on April 04, 2023
tagged in Cybersecurity

Roadmap Security Operations Case Study


WHAT HAPPENED

During an incident response triage workflow, a Roadmap security analyst discovered that a suspected email-based phishing attack was not only malicious but also appeared to come from a nationally recognized University in the United States.

While it may sound like this school got into the hacking business, a security event like this in most cases just confirms that one or more users' email accounts have been compromised and are being used for malicious purposes without the owners' knowledge. In this case, however, the email address used did not conform to the University's typical email address patterns, which raised another red flag for Roadmap's analysts.

After Roadmap reached out to the University and worked through further discovery with it, unauthorized admin access was discovered and confirmed to have been created from a remote location.

WHY IS THIS IMPORTANT

This level of unknown access grants an attacker effectively unlimited privileges to harm the University directly, as well as to abuse its trusted reputation to harm others. Identifying this type of breach early is imperative in preventing more advanced cyber incidents such as ransomware and sensitive data exposure.

AT A GLANCE

Initial Discovery

  • Email-based phishing attack was forwarded to Roadmap's incident response team for analysis.

Triage

  • Email confirmed to have an embedded attachment containing advanced malware disguised as an invoice
  • Embedded HTML file uses several obfuscation and persistence techniques to evade detection and run PowerShell commands
  • Origin confirmed as a large University in the United States
  • Email account created for malicious purposes, unknown to the University security team
  • Admin access from an unauthorized remote location discovered
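As an added example (not Roadmap's code or tooling) of the two triage red flags in this case study, the Python below scans a raw email for a sender on a trusted partner domain whose address breaks that domain's expected naming convention, and for an HTML attachment carrying obfuscated script that decodes to a PowerShell command. The trusted domain, its naming pattern and the sample message are constructed assumptions.

```python
import base64
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed (hypothetical) naming convention for a trusted partner domain ("first.last"):
# a sender from that domain that breaks it is the red flag the case study describes.
TRUSTED_SENDER_PATTERNS = {"example-university.edu": re.compile(r"^[a-z]+\.[a-z]+\d{0,3}$")}
# Markers common to script-bearing HTML lures that decode and launch PowerShell.
HTML_MARKERS = ("<script", "atob(", "unescape(", "eval(", "powershell")
# Constructed sample: an "invoice" HTML attachment sent from an unusual university
# address. The atob() argument decodes to "powershell.exe -enc".
SAMPLE_EML = """\
From: Billing Office <billing-team42@example-university.edu>
Subject: Invoice 4471 overdue
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="Invoice_4471.html"

<html><body><script>var p=atob("cG93ZXJzaGVsbC5leGUgLWVuYw==");eval(unescape(p));</script></body></html>
--b1--
"""

def sender_pattern_mismatch(msg) -> bool:
    """True when the sender domain is trusted but the local part breaks its naming rule."""
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    pattern = TRUSTED_SENDER_PATTERNS.get(domain)
    return pattern is not None and not pattern.match(local)

def html_attachment_findings(msg) -> list:
    """Scan HTML attachments for script markers and base64 blobs that decode to PowerShell."""
    findings = []
    for part in msg.walk():
        if not (part.get_filename() or "").lower().endswith((".htm", ".html")):
            continue
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        findings += [m for m in HTML_MARKERS if m in body.lower()]
        for blob in re.findall(r'atob\("([A-Za-z0-9+/=]+)"\)', body):
            if "powershell" in base64.b64decode(blob).decode("utf-8", "replace").lower():
                findings.append("powershell (base64-decoded)")
    return findings

def triage(raw: str) -> dict:
    msg = message_from_string(raw)
    findings, mismatch = html_attachment_findings(msg), sender_pattern_mismatch(msg)
    return {"sender_pattern_mismatch": mismatch, "html_attachment_findings": findings,
            "escalate": mismatch or bool(findings)}
```

Either flag alone is enough to escalate the message for analyst review; the decoded atob() payload is what turns a generic "HTML attachment" finding into a concrete PowerShell indicator.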

Copyright © 2025. Road Map Technologies LLC. All Rights Reserved.