NHS Email Servers used for Phishing Attacks

Cybercriminals reportedly hacked UK’s National Health Service, shortly dubbed NHS to launch over 1000 phishing emails from the compromised servers. This incident was discovered by a research firm named Inky and it confirmed that the illegal access to the servers was carried out for a time frame of six months ending in March this year.

Inky researchers claim NHS servers might have been compromised around October last year and the fraudulent access to email servers and exploitation ended in March 2022 and was discovered in April this year.

The reason for the end of March 2022 is the fact that the healthcare services provider conducted an annual audit on its security systems and immediately blocked fraudulent access to the servers.

Cybersecurity Insiders learned that the email accounts of about 139 employees were compromised in the incident, leading to the generation of 1157 phishing emails from NHS email boxes.

The aim behind the campaign was simple- to collect credentials, mainly those related to Microsoft from the employees of NHS and use them in brute force attacks.

It is still unclear whether the stolen details were used in other campaigns to access the computer networks of companies fraudulently.

Note 1- NHS reacted to the news on an immediate note and apparently denied any such incident taking place on its servers. It added that it has the right tools to monitor and proactively mitigate such risks and is being done in collaboration with its partners.

Note 2- In the year 2020, a media resource leaked to the world that NHS was selling data of millions of its patients to pharmaceutical companies operating in the USA and in other parts of the world. This includes patients’ medical histories and treatment that is been given to them…..isn’t that concerning?

Ad
Join over 500,000 cybersecurity professionals in our LinkedIn group "Information Security Community"!
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display