SleepyEgg

Security firm RSA announced in March that it had been the victim of a hack that it described as "extremely sophisticated." The company has now shared some details of the attack. "Extremely sophisticated"? More like "run-of-the-mill."

A spear-phishing e-mail was sent to two small groups within the company. Though the e-mail was automatically marked as Junk, the subject of the message ("2011 Recruitment Plan") tricked one employee into opening it anyway. Attached to the mail was an Excel spreadsheet, "2011 Recruitment plan.xls". Embedded within the spreadsheet was a Flash movie that exploited a Flash vulnerability. Adobe has since released an emergency patch for the flaw.