Ikea has revealed that it is dealing with a cyber attack on its networks, with evidence indicating that its Microsoft Exchange servers may have been hijacked. Ikea told IT Pro that a “full-scale investigation” into the problem is ongoing and that no customer data has been stolen.
According to an internal email distributed to staff, the attack is reported to have affected other Ikea organisations, suppliers, and business partners. The email, obtained by Bleeping Computer, warns employees that malicious emails are circulating within the company and are masquerading as genuine replies to existing email chains.
Email chain hijacking is one of the hallmarks of the latest SquirrelWaffle malspam operation, which distributes the Qakbot malware payload via an unpatched vulnerability in Microsoft Exchange servers.
The emails can appear to originate from trusted colleagues or from outside firms with which a staff member has previously worked, increasing the probability that a social engineering-led attack will succeed.
“We are aware of the issue with the phishing assault against portions of the Ikea organisation,” an Ikea representative told IT Pro. “Actions have been taken to prevent further harm, and a full-scale investigation is currently underway to seal and resolve the situation. We take the situation extremely seriously since protecting personal data is a top priority for Ikea.
“There is no evidence that client data has been hacked.”
Ikea is advising employees to be especially cautious when checking their inboxes for phishing emails, particularly those containing URLs that end in seven digits.
These URLs, which are thought to be linked to the attacker’s campaign, lead to the download of a malicious Microsoft Excel document. The document urges victims to click the ‘allow editing’ and ‘enable content’ buttons, which then triggers the download of the malicious payload, as is characteristic of the SquirrelWaffle attack method. Ikea is also reportedly instructing employees to promptly report suspicious emails to its IT team and to provide the sender’s email address via Microsoft Teams instant chat.
The extent to which Ikea employees have been compromised, and how successful the attack has been, is unknown. Because hijacked email chain attacks are so convincing, the organisation has disabled all employees’ ability to release suspected phishing emails from quarantine.