Espionage hackers spent 150 days inside a senior executive’s email at a major global stock exchange

Hackers secretly monitored and stole email data from a senior executive at a major global stock exchange for about five months. Broadcom’s Symantec and Carbon Black teams said the intrusion began in October 2025 and lasted until March 2026, with malware on the victim’s device disguised as Adobe and OneDrive software, scheduled-task persistence masked as Adobe, Lenovo, and OneDrive services, and exfiltration of Outlook mailbox data in small archives via Dropbox and OneDrive. The initial access method and the victim exchange were not disclosed, but investigators published indicators of compromise.

Why it matters: This is a high-impact espionage case because a stock exchange executive’s mailbox can expose market-moving information, internal deliberations, contacts, and travel details. Financial institutions and other high-value targets should hunt for the published indicators, review executive mailbox and endpoint activity, and scrutinize cloud-storage exfiltration and suspicious scheduled tasks.

Sources

Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months
info@thehackernews.com (The Hacker News) 2026.06.04 99% relevant
This article is another report on the same underlying incident: an espionage intrusion in which attackers maintained access to a senior executive’s Outlook mailbox at a major global stock exchange for roughly five months.

Hackers Target Global Stock Exchange in Espionage Operation
Eduard Kovacs 2026.06.03 100% relevant
This article appears to be the first tracked report of this specific espionage intrusion against a global stock exchange executive mailbox.