The Canadian National Research Council has been compromised in a cyberattack. The Canadian National Research Council (NRC) is the Government of Canada’s premier research and technology organization.

NRC

The attack forced the shut down of NRC’s computer network in July.  The attackers sought to steal valuable trade secrets and intellectual property.  The attack is being blamed on China. CBC News describes the details of the attack:

The cyber response centre’s report details the “exploitation cycle” of the attack, saying it began with the collection of valid email addresses for research council employees. Messages containing malicious links were then sent to the employees’ inboxes — a tactic known as spear phishing.

Those who unwittingly clicked on the innocent-looking links set the next phase in motion by leading them to what cyber-sleuths call a “watering hole website” — a site of likely interest to people working in a specific organization or industry.

“In this case, malware was downloaded onto the victims’ system after users, using a vulnerable version of Internet Explorer, visited compromised websites,” the report says.

Installation of the malware then allowed the hackers to set about stealing credentials such as usernames and passwords, the keys to the corporate network. This allowed the hackers to connect the compromised research council system to their computers abroad.

This is merely one more incident which demonstrates that users will decide which emails to trust. That decision can be guesswork or it can be guided by IT using SP Guard from Iconix.