RSA said the attack started with phishing emails sent to small groups of low-profile RSA users (presumably employees) The attackers then started harvesting credentials and made their way up the. food chain via both IT and non-IT personnel accounts, until they. finally obtained privileged access to the targeted system. The. external compromised machine at a hosting provider saw the attack, using its implementation of NetWitness, and stopped the attack before more damage could be done. The irony with RSA is that they dont eat their own dog food, they relied on yesterdays best of breed tools to prevent and detect the attack.”]