Skip to content

Stock Exchange Executive: Five-Month Unauthorized Access to Outlook Mailbox

Key Point: Attackers remained undetected for five months in a stock exchange executive’s mailbox and exfiltrated data via popular cloud services to evade detection.

Unknown attackers maintained access to the Outlook mailbox of a senior manager at a major global stock exchange for at least five months, copying contents in small batches through Dropbox and OneDrive to blend in with normal cloud traffic. Symantec and the Threat Hunter Team from Carbon Black documented the campaign, which points to industrial espionage.

Unknown attackers infiltrated the email account of an executive leader at an internationally significant stock exchange and systematically extracted data over a period of at least five months. The attackers copied the mailbox in repeated, smaller portions and routed the data through legitimate cloud services such as Dropbox and OneDrive to disguise their activities within the organization’s normal cloud traffic.

The Threat Hunter Team at Symantec and Carbon Black reported on the campaign this week. The attack pattern indicates deliberately executed espionage rather than financial gain motives. The choice of target — a senior executive — and the tactic of prolonged, undetected access point to a state-sponsored or competitor-oriented actor with strong interest in business information and strategic decisions.

For CISOs, this case underscores the critical importance of cloud access monitoring: Legitimate services such as Dropbox and OneDrive can be abused as data exfiltration vehicles if necessary controls are lacking. The months-long lack of detection indicates that standard email security and endpoint monitoring were insufficient to identify the attacker’s mass copy operations.


Source: thehackernews.com · Published June 4, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.

Share on: