Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,545
Content source
https://thehackernews.com/2022/03/hackers-hijack-email-reply-chains-on.html
A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers.

"The emails use a social engineering technique of conversation hijacking (also known as thread hijacking)," Israeli company Intezer said in a report shared with The Hacker News. "A forged reply to a previous stolen email is being used as a way to convince the recipient to open the attachment. This is notable because it increases the credibility of the phishing email and may cause a high infection rate."

The latest wave of attacks, detected in mid-March 2022, is said to have targeted organizations within energy, healthcare, law, and pharmaceutical sectors.
Click to expand...
"The payload has also moved away from using Office documents to the use of ISO files with a Windows LNK file and a DLL file," researchers Joakim Kennedy and Ryan Robinson said. "The use of ISO files allows the threat actor to bypass the Mark-of-the-Web controls, resulting in execution of the malware without warning to the user."

The idea is to send fraudulent replies to an already existing email thread plundered from the victim's account by using the compromised individual's email address to make the phishing emails appear more legitimate.

"The use of conversation hijacking is a powerful social engineering technique that can increase the rate of a successful phishing attempt," the researchers concluded. "By using this approach, the email appears more legitimate and is transported through the normal channels which can also include security products."
Click to expand...
thehackernews.com

Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware

Hackers exploit unpatched Microsoft Exchange servers to hijack email reply chains, tricking victims into installing IceID malware.
thehackernews.com thehackernews.com
 
  • Like
Reactions: Venustus, blackice, Andy Ful and 1 other person
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Wow
Security News Chinese hackers breach more US telecoms via unpatched Cisco routers
Replies
0
Views
531
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
Security News Star Blizzard hackers abuse WhatsApp to target high-value diplomats
Replies
1
Views
532
Security News
Vitali Ortzi
Vitali Ortzi
enaph
    • +Reputation
Security News Nintendo Warns of Spoofed Emails Impersonating Official Account
Replies
0
Views
1,053
Security News
enaph
enaph

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top