Dunno if you have been following the recent SecurID hack at RSA?
They fessed up then went quiet for a few weeks so a few people assumed the worst.
(If you dont know what SecurID is, is a little token (about 10mm by 30) that generates a new 6 digit number every minute. That number can be synched to a login server to ensure only people with the right physical token can login in.)
It does appear to be a very clever attack, the spreadsheet had such an interesting name that one of the targets pulled it from the junk folder and opened it running the flash. I didn’t see anywhere whether the workbook had any VBA in or not.
One important point though is that it was a Flash vulnerability they exploited, Excel was merely the delivery mechanism. No Excel vuln was used, just its ability to act as a container.
I didn’t see how they were discovered either, but it sounds like the attackers pretty much got most of what they were after.
I wonder how many other orgs have been hit by this sort of attack, and either haven’t discovered it yet or haven’t admitted it in public?
Got any good links?