Cyberattack hits IKEA email systems where threat actors target staff in internal phishing attacks using stolen reply-chain emails.
- IKEA is notifying employees of an ongoing reply-chain phishing cyberattack targeting internal email systems.
- Cyberattacks have stolen authentic company emails and are now responding with links attached to malicious documents.
Cyberattack hits IKEA email systems where threat actors target staff in internal phishing attacks using stolen reply-chain emails.
"There is an ongoing cyber-attack that is targeting Inter IKEA mailboxes. Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA," notified an internal email sent to IKEA employees and seen by BleepingComputer.
The internal email explained that the attack might come in the form of an email from a coworker, from any external organisation or a reply to an existing conversation. Thus it is difficult to identify, and the company requests every employee to be extra cautious.
IKEA IT staff notified the employees that the reply-chain emails encompass URLs that end in seven numbers. Employees were also informed not to open the emails, regardless of who sent them and report them immediately to the IT department.
Recipients are also told to let out the sender of the emails via Microsoft Teams chat to report the emails.
To launch phishing attacks, cyberattackers started utilising the ProxyShell and ProxyLogin vulnerabilities to access internal Microsoft Exchange servers.
Cyberattackers use ProxyLogin to remotely execute code on the target server from anywhere in the world with an internet connection.
After hackers attain access to a server, they use internal Microsoft Exchange servers to launch reply-chain attacks against employees using stolen company emails.
As the emails are being delivered from internal compromised servers and existing email chains, there is a higher level of trust that the emails are not malicious.
“Our email filters can identify some of the malicious emails and quarantine them. Due to that, the email could reply to an ongoing conversation; it's easy to think that the email filter made a mistake and released the email from quarantine. We are, therefore, until further notice disabling the possibility for everyone to release emails from quarantine," told IKEA to employees.
IKEA treats this security issue like a severe cyberattack, which might lead to a considerably more destructive attack.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?