Espionage Campaign Targeted Stock Exchange Executive for Five Months

Published 03/06/2026 12:55 · Modified 04/06/2026 08:40

Essential information

Tags
2026-06-03 email theft frpc outlook ost secretsdump stock exchange
Related entities
20 observables, 20 techniques (mitre), 4 malware, 1 others

Description

Unknown attackers conducted a five-month espionage campaign against a senior executive at a major global , systematically stealing the victim's Outlook mailbox in incremental batches. The attackers demonstrated sophisticated operational discipline by using legitimate cloud services like Dropbox and OneDrive Personal for exfiltration and command-and-control infrastructure. They employed an Aspose-based mailbox stealer to extract OST files in date-range windows, beginning with historical emails from August 2025 and continuing with regular two-to-four-week intervals through February 2026. The intrusion maintained persistence through masquerading binaries and scheduled tasks themed around legitimate Adobe and Lenovo services. By extracting mailbox data incrementally and routing traffic through trusted cloud platforms, the attackers avoided detection while building a comprehensive intelligence picture of the executive's communications and organizational activities.

External references