A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization's accounts. The engineer sees there was a change in the IP address for a vendor website one week earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?


A. Man-in-the-middle
B. Spear-phishing
C. Evil twin
D. DNS poisoning