After gathering much information from the supervisor who received the original email in question, as well as events having occurred with immediate subsequence, it seems highly evident that the method of intrusion was a result of spear phishing campaign, which typically involves sending a seemingly genuine email containing a seemingly genuine link. However, the email, while pretending to be from a friendly
(“recognizable” or “valid” or “authorized”) individual, but is far from that. The link is very malicious, designed to redirect (cause the web browser to go to an unintended/unwanted/ unknown/undesired web page) a person’s web browser to a webpage that is (phony and) malicious in nature, seeking only to execute commands that are for clandestine purposes. The typical outcome involves installation of some form of malware (keylogger, virus, trojan, browser hijacker, remote access backdoor, network and password sniffer, data extractor, ransom hijacker, and so much more) on the user’s computer (keeping in mind the user clicked on the link).
In this case, it is likely that a remote access Trojan with keylogger capabilities at minimum, with possible network sniffing capabilities, was installed that captured the keystrokes of the user, thus obtaining user name and password, but also trolled through network activity to obtain potential accounts (username and password) that would have higher level administrative permissions in case this particular user did not have such robust access. Simply stated, the user was a victim of a social engineering attack whereby the user clicks on a compromised (as in malicious in nature) link that can cause serious network, data and information security intrusion to the entire organization, and not just that particular computer, for the remote access and data trolling
