LaSalle County phishing spree targets Microsoft 365 admins

Attackers sent convincing administrative alerts to county staff, harvesting credentials and setting inbox rules to hide exfiltration activity.

Stolen mailboxes were then used to pivot toward law-enforcement partners, amplifying the blast radius beyond the county itself.

Prevention playbook:

• Deploy advanced phishing protection with real-time URL scanning and domain impersonation detection.
• Enable mailbox auditing, block auto-forwarding to external domains, and alert on suspicious rule creation.
• Deliver hands-on security awareness sessions tailored to public sector workflows and terminology.