Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label IKEA. Show all posts

IKEA Suffers Phishing Cyberattack, Employees Mail Compromised

 

Once the mail servers are compromised, hackers use them for gaining access to reply to the organization's employee emails in reply-chain attacks. If a message is sent from a company, it saves the hacker from getting caught. Hackers also compromise access to internal company emails, targetting business partners. IKEA warned its employees of an ongoing reply chain phishing attack on internal mailboxes. The compromised emails are also sent from different IKEA organizations and firm partners. The cyberattack targets Inter IKEA mailboxes, and different IKEA companies, business partners and suppliers, that were affected by the same attack.

"The emails originate from the same internal network, appear to be a continuation of a previous discussion between two employees. The attacker did not use tools for lateral movement or execute malware on the Exchange servers to avoid detection. The emails use weaponized Office documents or include a link to them. Upon enabling the content, malicious macros are executing to download and install the malware, such as Qbot, Cobalt Strike, and SquirrelWaffle," reports SecurityAffairs. 

The attack is also sending these malicious emails to employees in users in IKEA organizations. Meaning, the attack might come from emails, it can come from a co-worker, an external company, or a reply thread for an already continued conversation. It is a warning to the employees which hints that fraud messages are difficult to notice because they come from within an organization. Phishing messages containing downloaded links include seven digits at the end, the organization asked employees to bring to notice if they find anything suspicious. 

IKEA also disabled the option of employees sending the emails from quarantine, to avoid the confusion that messages were separated for error by email filters. Security Affairs reports, "recently Trend Micro spotted a malware campaign aimed at Microsoft Exchange servers that exploits ProxyShell and ProxyLogon issues and use stolen internal reply-chain emails to avoid detection."