Last month, RSA, the EMC-owned security firm, admitted the systems behind its two-factor security product, SecurID, had been hacked.
However, it has taken weeks for the company to reveal the cause of the attack. Uri Rivner, head of new technologies, said the attackers gathered data on staff from social-media sites and used it to send personalised emails, a so-called spear-phishing attack.
"The attacker in this case sent two different phishing emails over a two-day period," Rivner said in a blog post. "The two emails were sent to two small groups of employees; you wouldn’t consider these users particularly high-profile or high-value targets."
That email contained a malicious spreadsheet, which took advantage of a zero-day flaw in Adobe Flash to infect machines and give attackers remote access.
Rivner said the attack showed that people remained the weakest link. "You don’t bother to just simply hack the organisation and its infrastructure; you focus much more of your attention on hacking the employees."
Rivner stressed that RSA noticed the attack while it was still in progress, but Carole Theriault, senior security consultant at Sophos, noted the firm left a few details out.
"What did the attackers take? How does it affect your customers? What can they do about it? What are you doing to stave off future similar attacks?" she said in a blog post.
"However, I am really pleased that RSA sketched out some of the details of the attack," she added. "I don't know if they planned to do so all along, or if they bowed to external pressure to do so."
This article originally appeared at pcpro.co.uk