The SANS Institute is one of the largest organizations that offer information security training and security certification to users worldwide. One of their employees fell victim to a phishing attack that allowed a threat actor to gain access to their email account. The threat actor then proceeded to configure a rule that forwarded all email received in this account to an “unknown external email address”” and installed a malicious Office 365 add-on. SANS will host a webcast that includes information about this incident that would be useful to the greater security community.”
Source: https://www.bleepingcomputer.com/news/security/sans-infosec-training-org-suffers-data-breach-after-phishing-attack/