Skip to the content.

DIVD-2021-00004 - Gelekte phishing gegevens / Leaked phishing credentials

Our reference DIVD-2021-00004
Case lead Lennaert Oudshoorn
Author
Researcher(s)
CVE(s)
  • n/a
Product n/a
Versions n/a
Recommendation If you have been notified that your email address(es) and password(s) are on the list, replace the password(s) everywhere you use it, as well as make sure you don’t use this combination of email address(es) and password(s) elsewhere. Use strong and unique passwords wherever you can and use a password manager if possible.
Status Closed
Last modified 12 Aug 2024 15:45 CEST

English below

Samenvatting

In april melde de security researcher Marko Simunovic aan het DIVD dat er een phishing campagne gaande was, die verschillende personen en organisaties trof die gebruik maakten van Active Directory Federation Services (ADFS). De onderzoeker meldde ook dat door zwakke beveiliging in kritieke directories, de servers van de criminelen de buitegemaakte gegevens uitlekten.

Het DIVD CSIRT heeft van de onderzoeker de gegevens ontvangen met als doel in de komende dagen de slachtoffers te notificeren via email.

Wat kunt u doen?

Als je deze pagina bezoekt omdat je een email heeft ontvangen van divd-2021-00004@divd.nl met je emailadres en een of meerdere wachtwoord(en) erin, dan betekent dit dat je ervanuit moet gaan dat deze informatie in handen is van criminelen.

Heeft u vragen of hulp nodig naar aanleiding van deze email, dan kunt u ons via dit email adres bereiken (csirt@divd.nl).

Wat doen wij?

Wij gaan, in de komende dagen, aan ieder van de email adressen op de lijst een bericht sturen zodat de slachtoffers op de hoogte zijn van het lek.

Timeline

datum Omschrijving
22-03-2021 Phishing campagne is actief
09-04-2021 Onderzoeker doet melding en levert gegevens aan bij DIVD
07-05-2021 DIVD start case en verwerkt de gegevens
09-05-2021 Eerste emails verstuurd
10-05-2021 Alle notificaties zijn verstuurd
10-05-2021 Case gesloten
gantt title DIVD-2021-00004 - Gelekte phishing gegevens / Leaked phishing credentials dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2021-00004 - Gelekte phishing gegevens / Leaked phishing credentials (3 days) :2021-05-07, 2021-05-10 section Events Phishing campaign is active : milestone, 2021-03-22, 0d Researcher reports the campaign and data to DIVD : milestone, 2021-04-09, 0d DIVD starts a case and processes the data : milestone, 2021-05-07, 0d First notifications sent : milestone, 2021-05-09, 0d All notifications have been sent : milestone, 2021-05-10, 0d Case closed : milestone, 2021-05-10, 0d

English

Summary

At the start of April, security researcher Marko Simunovic came across this phishing campaign, and informed DIVD about this. Criminals were engaged in a phishing campaign targeting users and companies using Active Directory Federation Services (ADFS). While researching this phishing campaign, researcher discovered that the phishing infrastructure leaked the captured usernames and passwords because it improperly secured certain directories.

The DIVD CSIRT has been given the information by the researcher with the purpose of informing the victims of the breach.

What you can do

If you are visiting this page because you have received an email from divd-2021-00004@divd.nl with your email address and one or multiple password(s) in it, it means that this email/password combination has been obtained by criminals.

If you have questions about this case or need help, you can reach us on this email address (csirt@divd.nl).

What we are doing

We have received the list of email addresses and passwords. Each email address on the list will get an email over the next days to notify them of the breach.

Timeline

Date Description
22 Mar 2021 Phishing campaign is active
09 Apr 2021 Researcher reports the campaign and data to DIVD
07 May 2021 DIVD starts a case and processes the data
09 May 2021 First notifications sent
10 May 2021 All notifications have been sent
10 May 2021 Case closed
gantt title DIVD-2021-00004 - Gelekte phishing gegevens / Leaked phishing credentials dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2021-00004 - Gelekte phishing gegevens / Leaked phishing credentials (3 days) :2021-05-07, 2021-05-10 section Events Phishing campaign is active : milestone, 2021-03-22, 0d Researcher reports the campaign and data to DIVD : milestone, 2021-04-09, 0d DIVD starts a case and processes the data : milestone, 2021-05-07, 0d First notifications sent : milestone, 2021-05-09, 0d All notifications have been sent : milestone, 2021-05-10, 0d Case closed : milestone, 2021-05-10, 0d