Espionage Campaign Targeted Stock Exchange Executive for Five Months
Security.com, Wednesday, June 3rd, 2026
A five-month espionage campaign systematically stole emails from a stock exchange executive using malware and cloud services.
Attackers conducted a sophisticated five-month espionage campaign targeting a senior executive at a global stock exchange, focusing on stealing their Outlook mailbox contents for intelligence on internal negotiations and market-moving information.
The attackers used legitimate cloud services (Dropbox and OneDrive) for command and control and data exfiltration, along with publicly available tools to avoid detection. They deployed masquerading binaries mimicking Adobe and OneDrive services, achieved system-level persistence through scheduled tasks, and used an Aspose-based OST stealer to repeatedly extract incremental portions of the target's email in small archives.
The attack chain revealed detailed operational discipline, including rotating access credentials and adjusting extraction time windows to continuously harvest the executive's complete mailbox over the five-month period without being detected by security software.