"Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware"
A new email phishing campaign has been discovered hijacking existing conversations to deliver the IcedID information-stealing malware. The campaign exploits unpatched, publicly exposed Microsoft Exchange servers. The phishing emails apply the social engineering tactic of conversation hijacking, also known as thread hijacking: a forged reply to a previously stolen email is used to trick the recipient into opening an attachment. Because the message appears in a thread the recipient already knows, this method increases the credibility of the phishing email and results in a high infection rate. The latest wave of attacks targeted organizations in the energy, healthcare, law, and pharmaceutical sectors. IcedID is a banking trojan that has become an entry point for more sophisticated threats, including human-operated ransomware and the Cobalt Strike adversary simulation tool. It can connect to a remote server and download next-stage implants and tools that attackers use to perform follow-on activities, move laterally across impacted networks, and deliver additional malware. This article continues to discuss findings surrounding the new email phishing campaign aimed at delivering IcedID information-stealing malware by taking over email reply chains on unpatched Microsoft Exchange servers.
THN reports "Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware"