Bypass Record

Valid Accounts × SK Shieldus

A publicly-reported instance of Valid Accounts bypassing SK Shieldus, recorded with its original source. Factual record; no assessment of any specific deployment.

Product: SK Shieldus
Technique: Valid Accounts
MITRE ATT&CK: T1078
Confidence: High
Severity: High
Status: in the wild
Disclosed: 2025-10-23
Config / version noted: Not stated

Provenance

Reported as

The method bypassed the company's own security protocols, highlighting a failure in email account security.

Mechanism

Attackers compromised an employee email account to exfiltrate internal documents, including business proposals and reference materials. The method bypassed the company's own security protocols, highlighting a failure in email account security.

Detection & mitigation

Monitor for anomalous email account activity such as logins from unusual locations, impossible travel, or access outside business hours. Enforce multi-factor authentication (MFA) and conditional access policies to prevent unauthorized email account access.
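The monitoring described above can be sketched as follows. This is an added example, not taken from the cited source or from any vendor's product: it flags off-hours and impossible-travel sign-ins in mailbox login events. The event fields, the 900 km/h speed limit, the 50 km jitter floor and the business-hours window are all assumptions, and the sample events are constructed.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900              # assumed threshold: roughly airliner cruising speed
MIN_KM = 50                # assumed floor so geo-IP jitter does not alert
WORK_HOURS = range(8, 19)  # assumed business hours, 08:00-18:59, log-local time

# Constructed sample sign-in events (user, ISO time, lat, lon); not real data.
SAMPLE = [
    ("alice", "2025-01-06T09:02:00", 37.57, 126.98),  # Seoul
    ("alice", "2025-01-06T10:15:00", 37.40, 127.10),  # nearby, plausible
    ("alice", "2025-01-06T11:00:00", 52.52, 13.40),   # Berlin, 45 minutes later
    ("bob",   "2025-01-06T03:30:00", 35.18, 129.08),  # Busan, outside hours
]

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine) using an Earth radius of 6371 km."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def find_anomalies(events):
    """Return (user, time, reason) tuples for suspicious sign-ins."""
    alerts, last = [], {}
    # Process each user's events in time order (ISO strings sort chronologically).
    for user, ts, lat, lon in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if when.hour not in WORK_HOURS:
            alerts.append((user, ts, "off_hours"))
        if user in last:
            prev_when, plat, plon = last[user]
            hours = (when - prev_when).total_seconds() / 3600
            dist = km_between(plat, plon, lat, lon)
            # Real distance covered in zero elapsed time is also impossible.
            if dist > MIN_KM and (hours == 0 or dist / hours > MAX_KMH):
                alerts.append((user, ts, "impossible_travel"))
        last[user] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE):
        print(alert)
```

VPN egress points and mobile carrier gateways commonly trigger impossible-travel alerts, so results like these are usually correlated with MFA outcome and device identity before escalation.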

This is a record of a publicly-reported event, not an assessment of any specific organization's deployment. Detection and mitigation notes are drawn from the cited source. Where the source is silent, fields are omitted.