The target: Levitas, an Australian based hedge fund manager.
The take: $8 million
The attack vector: The attack was initiated when one of the founders clicked on a fake Zoom meeting link. This gave the attackers the ability to inject their own malicious software to take control of the high level email account, and with these powerful credentials in hand, the attackers created fake invoices for a bogus company and then sent requests for payments to be made from the firm. Authorizations from the compromised email account were sent shortly after the requests, prompting the transference of funds to the unknown companies. The threat actors then withdrew the cash.
This breach demonstrates the critical nature of verification processes, and the inherent power of high level credentials and their management. There were several flags raised along throughout the scheme and this attack shows just how important it is to review, verify, and certify transactional processes no matter to origin within a firm.