Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware

silversurfer

A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers.

"The emails use a social engineering technique of conversation hijacking (also known as thread hijacking)," Israeli company Intezer said in a report shared with The Hacker News. "A forged reply to a previous stolen email is being used as a way to convince the recipient to open the attachment. This is notable because it increases the credibility of the phishing email and may cause a high infection rate."

The latest wave of attacks, detected in mid-March 2022, is said to have targeted organizations within energy, healthcare, law, and pharmaceutical sectors.

"The payload has also moved away from using Office documents to the use of ISO files with a Windows LNK file and a DLL file," researchers Joakim Kennedy and Ryan Robinson said. "The use of ISO files allows the threat actor to bypass the Mark-of-the-Web controls, resulting in execution of the malware without warning to the user."

The idea is to send fraudulent replies to an already existing email thread plundered from the victim's account by using the compromised individual's email address to make the phishing emails appear more legitimate.

"The use of conversation hijacking is a powerful social engineering technique that can increase the rate of a successful phishing attempt," the researchers concluded. "By using this approach, the email appears more legitimate and is transported through the normal channels which can also include security products."
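A mail-gateway heuristic for the pattern the report describes (a reply into an existing thread that carries an ISO attachment, which Windows mounts without propagating Mark-of-the-Web to the files inside), written as an added example rather than code from Intezer or this post; the sample messages are constructed, and the set of flagged extensions is an assumption that can be extended.

```python
import email
from email import policy
from email.message import EmailMessage

# Disk-image containers that bypass MOTW when mounted. The report names ISO;
# IMG uses the same mount handler. Assumption: extend this set per policy.
CONTAINER_EXTS = {".iso", ".img"}


def is_reply(msg):
    """True when the message claims to belong to an existing thread."""
    return bool(msg.get("In-Reply-To") or msg.get("References"))


def container_attachments(msg):
    """Filenames of attachments whose extension is a MOTW-bypassing container."""
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if any(name.lower().endswith(ext) for ext in CONTAINER_EXTS):
            names.append(name)
    return names


def classify(raw):
    """Return findings for one RFC 822 message; an empty list means nothing flagged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    containers = container_attachments(msg)
    if containers:
        findings.append("container attachment: " + ", ".join(containers))
        if is_reply(msg):
            findings.append("reply-chain message carrying container (possible thread hijack)")
    return findings


def build_sample(reply, attachment_name):
    """Constructed sample message for offline testing (not a real capture)."""
    m = EmailMessage()
    m["From"] = "alice@example.invalid"
    m["To"] = "bob@example.invalid"
    m["Subject"] = "RE: invoice"
    if reply:
        m["In-Reply-To"] = "<orig-msg-id@example.invalid>"
        m["References"] = "<orig-msg-id@example.invalid>"
    m.set_content("Please see attached.")
    m.add_attachment(b"\x00" * 16, maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()
```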