A recent cyber operation targeted a major financial institution in a prolonged executive-espionage campaign: for roughly five months the attackers extracted sensitive information from a senior leader's Outlook mailbox. They remained undetected throughout. The vulnerabilities used for initial entry have not been identified, and the intruders maintained access with masquerading binaries, executables named and placed to pass for legitimate software.
They used a custom data-harvesting tool to steal the mailbox systematically, running multiple extraction passes shaped to blend in with legitimate network activity. The stolen data was exfiltrated through trusted cloud services such as Dropbox and OneDrive, and the operators connected directly to Microsoft IP addresses rather than to the services' domain names. That choice sidesteps controls that key on DNS queries or hostnames: a domain-based allowlist or DNS-log analytic never sees the traffic as Dropbox or OneDrive, and because the destination belongs to a trusted provider the flows attract little scrutiny. The operation has not been attributed to any known threat group.
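The direct-to-IP exfiltration described above leaves a usable trace: an outbound TLS connection to a cloud-provider address that no DNS answer ever handed to that client. The following detection, written for this summary rather than taken from the incident or any vendor tooling, joins constructed DNS and connection logs and flags connections to trusted-provider ranges that were not preceded by a matching DNS resolution. The log formats, the client and destination addresses, and the TRUSTED_NETS prefixes are all assumptions for illustration; in production the prefixes would come from the providers' published endpoint lists.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs for this example (not data from the incident).
# DNS log: <utc-timestamp> <client> <query-name> <answer-ip>
DNS_LOG = """\
2024-03-04T09:00:01Z 10.1.2.30 outlook.office365.com 52.96.0.10
2024-03-04T09:00:05Z 10.1.2.30 www.dropbox.com 162.125.1.1
2024-03-04T09:10:00Z 10.1.2.31 login.microsoftonline.com 20.190.0.5
"""

# Connection log: <utc-timestamp> <client> <dst-ip> <dst-port> <tls-sni or ->
CONN_LOG = """\
2024-03-04T09:00:02Z 10.1.2.30 52.96.0.10 443 outlook.office365.com
2024-03-04T09:00:06Z 10.1.2.30 162.125.1.1 443 www.dropbox.com
2024-03-04T09:20:00Z 10.1.2.30 52.96.0.11 443 -
2024-03-04T09:25:00Z 10.1.2.31 20.190.0.5 443 login.microsoftonline.com
2024-03-04T09:31:00Z 10.1.2.31 13.107.42.12 443 -
"""

# Assumed placeholder prefixes standing in for cloud-provider address space.
# Real deployments should load the providers' published endpoint ranges.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in (
    "52.96.0.0/16", "20.190.0.0/16", "13.107.0.0/16", "162.125.0.0/16",
)]


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def parse_dns(text):
    """Return client -> list of (answer_time, answer_ip) from the DNS log."""
    answers = defaultdict(list)
    for line in text.splitlines():
        ts, client, _qname, ip = line.split()
        answers[client].append((parse_ts(ts), ip))
    return answers


def in_trusted_range(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def find_direct_ip_connections(dns_log, conn_log, window=timedelta(minutes=30)):
    """Flag connections to trusted-provider IPs that no DNS answer explains.

    A connection is reported when (1) the destination falls inside a trusted
    provider range and (2) no DNS answer returned that exact IP to the same
    client within `window` before the connection. A missing SNI is recorded
    because direct-to-IP clients often send none.
    """
    answers = parse_dns(dns_log)
    hits = []
    for line in conn_log.splitlines():
        ts, client, dst, _port, sni = line.split()
        when = parse_ts(ts)
        resolved = any(
            when - window <= ans_time <= when and ans_ip == dst
            for ans_time, ans_ip in answers.get(client, [])
        )
        if resolved or not in_trusted_range(dst):
            continue
        hits.append({
            "ts": ts,
            "client": client,
            "dst": dst,
            "sni": None if sni == "-" else sni,
        })
    return hits


if __name__ == "__main__":
    for hit in find_direct_ip_connections(DNS_LOG, CONN_LOG):
        print(f"{hit['ts']} {hit['client']} -> {hit['dst']} sni={hit['sni']}")
```

On the sample data the two connections with no preceding DNS answer (to 52.96.0.11 and 13.107.42.12) are reported; the other three are explained by a resolution within the window. The main tuning point is the window: clients reuse cached answers for the record's TTL, and resolvers or DNS-over-HTTPS can hide lookups from the log, so a short window produces false positives. Widening it, or seeding the answer table from resolver-side logs, keeps the rule focused on flows that genuinely bypassed name resolution.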