Phishing attack on Ikea mail server

Share your love

Ikea is currently dealing with an ongoing attack on its email system, with attackers targeting employees’ mailboxes with stolen reply-chain emails, like the US medium Bleeping Computer reported. The response chain emails sent are company emails that are sent from compromised email accounts, but have links or attachments containing malware. Due to the trustworthy appearance, there is a higher probability that employees will download the attachments and infect computers.

Phishing attack on Ikea

(Image: Ikea)

In a Bleeping Computer present email to Ikea staff states: “There is an ongoing cyberattack targeting Inter-IKEA mailboxes. Other IKEA organizations, suppliers and business partners have been affected by the same attack and are spreading malicious e-mails to people at Inter IKEA”. The emails look like they come from colleagues or from external organizations in response to an ongoing conversation. It is therefore difficult to tell whether the email received is a phishing email.

Ikea warns its employees of e-mails that contain seven numbers at the end of a link and urges their employees not to open them and instead report them to the IT department – even if they come from trusted senders. When these URLs are called up, a browser is redirected to a download called “charts.zip” which contains an Excel document prepared with macros. This appendix prompts recipients to click the Enable Content or Enable Editing buttons to properly view the document. When you click the buttons will be loud Bleeping Computer run the malicious macros, download files named besta.ocx, bestb.ocx, and bestc.ocx from a remote site and save them in the C: Datop folder.

Attackers compromised internal Microsoft Exchange servers by using the ProxyShell and ProxyLogin vulnerabilities for phishing attacks. After access to a server, the internal Microsoft Exchange servers were used to start response chain attacks with the stolen e-mail addresses of the employees.

Emotet and Qbot Trojans used similar methods. Only recently was Emotet’s return known – which was at times considered to be the most dangerous malware. The Emotet network was hit at the beginning of the year, but machines infected with the Trickbot malware recently began installing new variants of Emotet.


(mack)

Article Source

Read Also   Apple recognizes it, this move can be very expensive if you have a MacBook Pro
Share your love