
Global Stock Exchange Targeted in Months-Long Email Campaign Using Windows Tools

Key takeaway: Attackers used native Windows tools to monitor an email mailbox at a global stock exchange undetected for months.

Over a period of months, an attacker maintained access to the email mailbox of a senior financial manager at a global stock exchange by abusing legitimate Windows system commands. The attack remained undetected for an extended period.

The attacker obtained continuous access to the financial manager's mailbox at the globally operating stock exchange. The attack was notable because the attacker used exclusively native Windows tools: legitimate functions built into the operating system that are normally intended for system tasks.

For CISOs, this incident carries significant security implications: attackers who work this way circumvent conventional signature-based detection mechanisms and monitoring solutions. Legitimate Windows commands are not regarded as suspicious by the system itself, which is why anomaly detection and behavioral analysis become critical. A financial company like a stock exchange is a high-value target for espionage, insider-threat scenarios, and regulatory compliance violations.

This attack illustrates the necessity of implementing privileged access management, advanced logging strategies, and behavioral analytics in sensitive business areas. The NIS2 Directive reinforces this requirement through stricter obligations for network and control instruments.


Source: www.darkreading.com · Published 3 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.
