In a significant cybersecurity breach, attackers infiltrated the email account of a high-ranking executive at a prominent global stock exchange and exfiltrated sensitive data over a prolonged period.
Details of the Cyber Breach
Broadcom’s Symantec and Carbon Black threat-hunting team have been investigating the attack, which began in October 2025. The attackers retained access to the executive’s Outlook account until March 2026, roughly 150 days of unauthorized access.
The primary objective appears to have been espionage. Neither Symantec nor Carbon Black has disclosed who the attackers were or which stock exchange was affected.
High-Value Intelligence Target
Researchers emphasized how much a senior executive’s mailbox alone can yield: external negotiations, internal discussions, and personal schedules. For an espionage operation this is a comprehensive view of the executive’s professional activities, obtained from a single account.
Stock exchanges and regulatory bodies hold confidential, market-moving information, which makes them attractive espionage targets. Because the mailbox was so valuable on its own, the attackers could gather substantial intelligence for months without moving laterally into other parts of the network.
Attack Methodology and Persistence
The initial method of entry has not been identified, but the first suspicious activity dates to October 10, 2025, when malware disguised as Adobe and OneDrive components was found on the compromised system.
By November 12, command-and-control channels had been established and data exfiltration had begun. The attackers moved files out through Dropbox and OneDrive in small batches: traffic to well-known cloud storage services blends in with ordinary user activity, and small transfers stay below the volume thresholds that egress and data-loss monitoring typically alert on.
To keep their foothold, the attackers repeatedly re-registered scheduled tasks with names that imitated legitimate Adobe, Lenovo, and OneDrive components, so that a routine review of the task list would not single them out. Symantec and Carbon Black have published indicators of compromise (IoCs) so that other organizations can check their own environments for the same tooling.
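The small-batch upload pattern is exactly the kind of thing a proxy or egress log can surface if someone looks for it. The following is an added example and is not code from the article, Symantec, or Carbon Black: it parses a constructed proxy log excerpt in an assumed format (timestamp, source host, HTTP method, URL, status, request body bytes) and flags hosts that repeatedly push small uploads to consumer cloud storage domains across several days. The domain list, the thresholds, and the log format are all assumptions to be replaced with your own environment's values.

```python
import re
from collections import defaultdict
from statistics import median
from urllib.parse import urlparse

# Constructed proxy log excerpt (not from the incident). Host 10.0.4.21 drips small
# uploads to Dropbox over three days; 10.0.4.30 makes two large OneDrive uploads on
# one day; 10.0.4.40 only downloads. One line is deliberately malformed.
SAMPLE_LOG = """\
2025-11-12T09:14:03Z 10.0.4.21 POST https://content.dropboxapi.com/2/files/upload 200 48213
2025-11-12T09:31:47Z 10.0.4.21 POST https://content.dropboxapi.com/2/files/upload 200 51090
2025-11-12T11:02:19Z 10.0.4.21 POST https://content.dropboxapi.com/2/files/upload 200 39877
2025-11-12T10:00:00Z 10.0.4.30 PUT https://api.onedrive.com/v1.0/drive/items/abc/content 201 5242880
2025-11-12T10:06:00Z 10.0.4.30 PUT https://api.onedrive.com/v1.0/drive/items/def/content 201 7340032
2025-11-13T08:55:10Z 10.0.4.21 POST https://content.dropboxapi.com/2/files/upload 200 60102
2025-11-13 proxy restart: config reloaded
2025-11-13T10:20:33Z 10.0.4.21 POST https://content.dropboxapi.com/2/files/upload 200 44311
2025-11-13T12:00:00Z 10.0.4.40 GET https://www.dropbox.com/s/xyz/report.pdf 200 0
2025-11-13T12:01:00Z 10.0.4.40 GET https://www.example.com/ 200 0
2025-11-14T09:05:58Z 10.0.4.21 POST https://content.dropboxapi.com/2/files/upload 200 52760
2025-11-14T09:41:12Z 10.0.4.21 POST https://content.dropboxapi.com/2/files/upload 200 47005
2025-11-14T13:17:45Z 10.0.4.21 POST https://content.dropboxapi.com/2/files/upload 200 55390
2025-11-14T15:00:00Z 10.0.4.21 POST https://www.example.com/api/submit 200 1200
"""

# Assumption: destination suffixes worth watching. Tune to what your organisation sanctions.
CLOUD_STORAGE_DOMAINS = ("dropbox.com", "dropboxapi.com", "onedrive.live.com",
                         "api.onedrive.com", "1drv.ms")
UPLOAD_METHODS = {"POST", "PUT", "PATCH"}

# Assumed log layout: ts src method url status request_bytes (whitespace separated).
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)"
                     r"\s+(?P<status>\d{3})\s+(?P<bytes>\d+)$")


def parse_line(line):
    """Return a dict for a well-formed line, or None so malformed lines are skipped."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    rec["status"] = int(rec["status"])
    rec["host"] = (urlparse(rec["url"]).hostname or "").lower()
    return rec


def storage_domain(host):
    """Map a hostname to the watched storage domain it belongs to, if any."""
    for d in CLOUD_STORAGE_DOMAINS:
        if host == d or host.endswith("." + d):
            return d
    return None


def find_low_and_slow(lines, min_uploads=6, max_median_bytes=100_000, min_days=2):
    """Flag (source, domain) pairs with many small, successful uploads spread over days."""
    uploads = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] not in UPLOAD_METHODS or rec["status"] >= 400:
            continue
        domain = storage_domain(rec["host"])
        if domain is None:
            continue
        uploads[(rec["src"], domain)].append(rec)

    findings = []
    for (src, domain), recs in sorted(uploads.items()):
        days = {r["ts"][:10] for r in recs}          # calendar days with at least one upload
        sizes = [r["bytes"] for r in recs]
        if len(recs) >= min_uploads and len(days) >= min_days and median(sizes) <= max_median_bytes:
            findings.append({"src": src, "domain": domain, "uploads": len(recs),
                             "days": len(days), "median_bytes": median(sizes),
                             "total_bytes": sum(sizes)})
    return findings


if __name__ == "__main__":
    for finding in find_low_and_slow(SAMPLE_LOG.splitlines()):
        print(finding)
```

On the sample data only 10.0.4.21 is flagged: eight uploads with a median of under 50 KB spread over three days. The two multi-megabyte OneDrive uploads from 10.0.4.30 are ignored, which is the point of the median test, and downloads never count. Sync clients also upload small files all day, so in practice the thresholds should be baselined per host and the domain list restricted to services the organisation does not sanction; note too that with TLS inspection off, the proxy only sees the hostname, not the path, and the method filter has to be dropped.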
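Tasks named after legitimate vendors are easy to miss in a task list but easy to test for: a task whose name claims to belong to Adobe, Lenovo or OneDrive should run a binary from that vendor's install location, not from a user-writable directory or a script host. The following is an added example, not code from the article or from Symantec or Carbon Black. It runs over constructed task-registration events shaped like the fields a SIEM would pull from Windows Security event 4698 (a scheduled task was created) and flags vendor-named tasks whose action lives outside an assumed table of expected directories, tasks that launch script or LOLBin hosts, and task names registered repeatedly within the window. The directory table, the vendor list, and the sample events are assumptions.

```python
import ntpath
from collections import Counter

# Constructed task-registration events (not from the incident): registration time,
# task name, and the command the task runs. Two are legitimate-looking, the rest are
# the kind of masquerade the article describes.
SAMPLE_EVENTS = [
    {"time": "2025-11-15T03:12:41Z", "name": r"\Adobe Acrobat Update Task",
     "command": r'"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Acrobat'},
    {"time": "2025-11-15T03:40:05Z", "name": r"\OneDrive Standalone Update Task-S-1-5-21-1",
     "command": r"C:\Users\jdoe\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe"},
    {"time": "2025-11-16T02:58:33Z", "name": r"\Lenovo\ImController\TimeBasedEvents\Task",
     "command": r"C:\Users\Public\Libraries\ImController.exe"},
    {"time": "2025-11-17T02:31:09Z", "name": r"\AdobeUpdateCheck",
     "command": r"C:\Users\jdoe\AppData\Roaming\Adobe\adobeupd.exe -silent"},
    {"time": "2025-11-20T04:02:17Z", "name": r"\OneDriveSync",
     "command": r"powershell.exe -WindowStyle Hidden -File C:\ProgramData\OneDrive\sync.ps1"},
    {"time": "2025-12-04T04:05:50Z", "name": r"\OneDriveSync",
     "command": r"powershell.exe -WindowStyle Hidden -File C:\ProgramData\OneDrive\sync.ps1"},
    {"time": "2026-01-09T03:58:02Z", "name": r"\OneDriveSync",
     "command": r"powershell.exe -WindowStyle Hidden -File C:\ProgramData\OneDrive\sync.ps1"},
    {"time": "2025-11-18T01:00:00Z", "name": r"\Microsoft\Windows\Defrag\ScheduledDefrag",
     "command": r"C:\Windows\System32\defrag.exe -c -h -o"},
]

# Assumption: where each vendor's task binaries are expected to live. Lower-case path
# fragments; an absolute prefix or a relative fragment both work. Build this table from
# a known-good host rather than trusting these values.
VENDOR_EXPECTED_DIRS = {
    "adobe": ("c:\\program files\\adobe\\", "c:\\program files (x86)\\adobe\\",
              "c:\\program files\\common files\\adobe\\",
              "c:\\program files (x86)\\common files\\adobe\\"),
    "onedrive": ("c:\\program files\\microsoft onedrive\\",
                 "\\appdata\\local\\microsoft\\onedrive\\"),
    "lenovo": ("c:\\program files\\lenovo\\", "c:\\program files (x86)\\lenovo\\"),
}

# Script and living-off-the-land hosts that a vendor update task has no reason to launch.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}


def first_token(command):
    """Extract the executable from a task action, honouring a quoted path with spaces."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def task_reasons(name, command):
    """Return the list of reasons a single task looks like a masquerade (empty if none)."""
    exe = first_token(command)
    exe_l = exe.lower()
    reasons = []
    for vendor, dirs in VENDOR_EXPECTED_DIRS.items():
        if vendor in name.lower() and not any(d in exe_l for d in dirs):
            reasons.append(f"name mimics {vendor} but runs {exe} outside {vendor}'s expected directories")
    base = ntpath.basename(exe_l)
    if base in SCRIPT_HOSTS:
        reasons.append(f"action is a script or LOLBin host: {base}")
    return reasons


def hunt(events, rereg_threshold=3):
    """Map suspicious task names to their sorted, de-duplicated reasons."""
    registrations = Counter(ev["name"] for ev in events)
    findings = {}
    for ev in events:
        reasons = set(task_reasons(ev["name"], ev["command"]))
        count = registrations[ev["name"]]
        if count >= rereg_threshold:   # the re-registration pattern from the article
            reasons.add(f"registered {count} times in the sample window")
        if reasons:
            findings.setdefault(ev["name"], set()).update(reasons)
    return {name: sorted(r) for name, r in sorted(findings.items())}


if __name__ == "__main__":
    for name, reasons in hunt(SAMPLE_EVENTS).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Three task names come out flagged: the Lenovo-named task running from C:\Users\Public, the Adobe-named task running from AppData\Roaming, and the OneDriveSync task, which trips all three checks. The two genuine-looking tasks pass, including the OneDrive updater that legitimately lives under AppData\Local, which is why the check keys on a per-vendor directory table rather than a blanket rule that user-writable paths are bad. In a real hunt, pair the path check with an Authenticode signature check on the binary and compare the hits against the IoCs Symantec and Carbon Black published.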
The incident underscores how much is at stake for institutions handling sensitive financial information, and the details point to concrete defensive measures: watch executive mailboxes for unusual access, baseline and review scheduled tasks rather than trusting vendor-like names, and treat uploads to cloud storage services as an egress channel worth monitoring, since each of these was visible in this intrusion for months before it was stopped.
