Outlook Hack Spies on Stock Exchange Executive for 5 Months
A cyberespionage group compromised the Outlook account of a senior executive at a major global stock exchange for nearly five months, between October 2025 and March 2026. According to threat-hunting teams at Broadcom Symantec and Carbon Black, the attackers exploited this breach to discreetly monitor internal communications, sensitive negotiations, calendars, and the executive’s travel plans. No attribution has been made, but the operation serves as a textbook case of the risks posed by the compromise of a single strategic account.
A Treasure Trove of Data Without Further Infiltration
Researchers highlight that prolonged access to an executive’s email provides an almost exhaustive view of an organization’s activities. By leveraging a wrapper around Aspose—a legitimate .NET library—the attackers extracted and exfiltrated the executive’s OST files in dated PST chunks. Two malicious binaries, disguised as Adobe Acrobat and OneDrive processes, had already been installed by October 10, 2025, with SYSTEM privileges, suggesting the initial intrusion was particularly stealthy.
The operation escalated on November 12 with the activation of command-and-control channels, marking the beginning of massive data exfiltration. Symantec notes that the campaign was not financially motivated but rather aimed at industrial or strategic espionage. The investigation into initial access methods remains ongoing, underscoring once again the critical need to secure high-risk accounts.
Source: Security Affairs. Editorial synthesis assisted by AI — TechnoExpress.