Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months
Summary
Threat actors successfully infiltrated the Outlook mailbox of a senior executive at a global stock exchange, exfiltrating data over a five-month period by sending small, repeated batches of information through cloud services like Dropbox and OneDrive. This sophisticated espionage campaign highlights the attackers' efforts to blend their malicious traffic with legitimate cloud activity, making detection more difficult. The operation was reportedly uncovered by Symantec and Carbon Black's Threat Hunter Team.
IFF Assessment
This article details a successful espionage campaign targeting a high-value individual at a critical infrastructure organization, indicating a significant threat to defenders.
Defender Context
This incident underscores the importance of robust endpoint detection and response (EDR) and of monitoring cloud service usage for unusual data exfiltration patterns. Defenders should be vigilant about prolonged access to sensitive mailboxes and the potential for attackers to camouflage their activities within legitimate cloud storage services.
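One way to look for the "small, repeated batches" pattern in web proxy logs, as an added example that is not taken from the article or the vendor report. The log format, host names, domain list and thresholds are assumptions to be replaced with your environment's values.

```python
import csv
import io
import statistics
from collections import defaultdict
from datetime import datetime

# Assumed destination domains for the two services; adjust to your proxy's naming.
CLOUD_DOMAINS = ("dropboxapi.com", "onedrive.com")

# Constructed sample proxy log: timestamp,host,destination,bytes_sent
SAMPLE_LOG = """\
2025-03-01T02:10:00,WS-EXEC-01,content.dropboxapi.com,48213
2025-03-05T02:12:00,WS-EXEC-01,content.dropboxapi.com,51200
2025-03-09T02:11:00,WS-EXEC-01,content.dropboxapi.com,47002
2025-03-14T02:15:00,WS-EXEC-01,content.dropboxapi.com,49950
2025-03-19T02:09:00,WS-EXEC-01,content.dropboxapi.com,50310
2025-03-24T02:13:00,WS-EXEC-01,content.dropboxapi.com,46875
2025-03-10T10:00:00,WS-DEV-07,api.onedrive.com,734003200
2025-03-10T10:05:00,WS-DEV-07,api.onedrive.com,912261120
2025-03-03T09:00:00,WS-FIN-02,intranet.example.com,2048
"""

def is_cloud(domain):
    # Match the domain itself or a true subdomain, not a look-alike suffix.
    return any(domain == d or domain.endswith("." + d) for d in CLOUD_DOMAINS)

def find_low_and_slow(log_text, min_days=5, min_span_days=14,
                      max_median_bytes=1_000_000):
    """Flag host/destination pairs with small uploads repeated over a long span.

    Returns tuples of (host, domain, uploads, active_days, span_days, median_bytes).
    """
    groups = defaultdict(list)
    for ts, host, domain, sent in csv.reader(io.StringIO(log_text.strip())):
        if is_cloud(domain):
            groups[(host, domain)].append((datetime.fromisoformat(ts), int(sent)))
    findings = []
    for (host, domain), events in sorted(groups.items()):
        days = {t.date() for t, _ in events}
        span = (max(days) - min(days)).days + 1
        median = int(statistics.median(size for _, size in events))
        # A one-off bulk upload fails the day/span tests; a heavy sync fails the size test.
        if len(days) >= min_days and span >= min_span_days and median <= max_median_bytes:
            findings.append((host, domain, len(events), len(days), span, median))
    return findings

if __name__ == "__main__":
    for row in find_low_and_slow(SAMPLE_LOG):
        print(row)
```

Sanctioned sync clients also produce small recurring uploads, so treat the output as a triage list to compare against the accounts and processes expected to use each service.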