Last Updated on 02/12/2021 by Nidhi Khandelwal
IKEA is battling an ongoing cyberattack in which threat actors use stolen reply-chain emails to target employees in internal phishing attacks.
In a reply-chain email attack, threat actors steal legitimate corporate email and then reply to it with links to malicious documents that install malware on recipients' devices.
Because the reply-chain emails appear to be authentic company emails and are frequently sent from hacked email accounts and internal servers, users are more likely to trust the email and open the infected documents.
In internal emails seen by BleepingComputer, IKEA is warning employees about an ongoing reply-chain phishing attack targeting internal mailboxes. Other compromised IKEA organisations and business partners are also sending these emails.
“Inter IKEA mailboxes are currently the subject of a cyber-attack. The same attack has infiltrated other IKEA organisations, suppliers, and business partners, who are circulating malicious emails to Inter IKEA employees,” according to an internal email sent to IKEA staff and seen by BleepingComputer.
IKEA IT teams have warned employees that the reply-chain emails contain links that end with seven digits. Employees are also instructed not to open the emails, regardless of who sent them, and to report them to the IT department immediately.
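The indicator IKEA's IT teams describe can be turned into a mail-triage heuristic. The following is an added example, not code from IKEA or BleepingComputer: it flags messages that are replies in a thread and contain a link whose path ends in exactly seven digits. The exact link shape, the restriction to replies, and the sample messages are assumptions made for illustration, and a match is a reason to review the message, not proof that it is malicious.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)
# Assumed reading of the indicator: the URL path ends in exactly seven digits.
SEVEN_DIGIT_TAIL = re.compile(r"(?<!\d)\d{7}/?$")

def body_text(msg):
    """Concatenate the decoded text/plain and text/html parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def suspicious_links(raw_message):
    """Return links ending in seven digits, but only for replies in a thread."""
    msg = message_from_string(raw_message)
    if not (msg.get("In-Reply-To") or msg.get("References")):
        return []  # not part of a reply chain
    hits = []
    for url in URL_RE.findall(body_text(msg)):
        url = url.rstrip(".,;")  # drop sentence punctuation glued to the link
        if SEVEN_DIGIT_TAIL.search(urlsplit(url).path):
            hits.append(url)
    return hits

# Constructed sample messages (not taken from the incident).
REPLY_FLAGGED = (
    "From: colleague@partner.example.test\n"
    "Subject: RE: Delivery schedule\n"
    "In-Reply-To: <thread-1@mail.example.test>\n\n"
    "Updated document: https://files.example.test/shared/report-4821937.\n"
)
REPLY_CLEAN = (
    "Subject: RE: Delivery schedule\n"
    "References: <thread-1@mail.example.test>\n\n"
    "Ticket: https://help.example.test/tickets/12345678\n"
)
NEW_MESSAGE = (
    "Subject: Newsletter\n\n"
    "Read more: https://news.example.test/story/7654321\n"
)

if __name__ == "__main__":
    for name, raw in [("flagged", REPLY_FLAGGED), ("clean", REPLY_CLEAN), ("new", NEW_MESSAGE)]:
        print(name, suspicious_links(raw))
```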
Threat actors have recently started using the ProxyShell and ProxyLogon vulnerabilities to compromise internal Microsoft Exchange servers in order to launch phishing attacks.
Once they gain access to a server, they use the internal Microsoft Exchange servers to launch reply-chain attacks against employees using stolen company emails.
Because the emails are sent from compromised internal servers and within existing email chains, recipients are more likely to trust that they are not harmful.
There is also a risk that recipients will unintentionally release the malicious phishing emails from quarantine, believing they were caught in filters by mistake. As a result, IKEA has disabled employees' ability to send emails until the incident is resolved.