Ikea is reportedly reeling under an ongoing cyberattack perpetrated through phishing emails sent via compromised Microsoft Exchange servers.
According to BleepingComputer, the homeware giant is alerting its employees to the campaign, which is conducted through the classic reply-all email chain attack.
"There is an ongoing cyber-attack that is targeting Inter Ikea mailboxes. Other Ikea organizations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter Ikea," reads the internal email sent to Ikea employees as seen by BleepingComputer.
The email goes on to explain the modalities of the reply-all email attack, noting that phishing emails can come from co-workers, or from a third party, in the form of a reply to an already ongoing conversation.
Hijacking internal servers
A recent investigation into the SquirrelWaffle malware campaign by cybersecurity experts revealed that attackers have begun using compromised internal email servers, attacked through a chain of both ProxyLogon and ProxyShell exploits, to add legitimacy to the reply-chain email attack.
Researchers at Trend Micro discovered that after compromising the unpatched servers, the attackers hijack internal email chains to add malicious links to legitimate messages.
This makes the attacks difficult to detect, which is something Ikea has also shared with its employees.
Furthermore, while sharing an example of a fraudulent message, Ikea tells its employees that the malicious emails contain links with seven digits at the end. Once such an email is spotted, recipients are asked to report it to Ikea’s IT department immediately.
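The indicator Ikea describes (a link ending in seven digits, arriving as a reply in an existing conversation) can be turned into a simple mail-triage heuristic. The sketch below is an added example, not code from Ikea, BleepingComputer or Trend Micro; the `report`/`review`/`ok` labels, the use of the `In-Reply-To` and `References` headers as the reply signal, and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
SEVEN_DIGIT_TAIL = re.compile(r"(?<!\d)\d{7}$")  # exactly seven digits at the end

def body_text(msg):
    """Concatenate the decoded text/plain and text/html parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def seven_digit_links(msg):
    """Return URLs in the body that end in exactly seven digits."""
    urls = (u.rstrip(".,;:!?)]>") for u in URL_RE.findall(body_text(msg)))
    return [u for u in urls if SEVEN_DIGIT_TAIL.search(u)]

def triage(raw_message):
    """Assumed policy: 'report' = indicator inside a reply, 'review' = indicator
    in a new message, 'ok' = no indicator."""
    msg = message_from_string(raw_message)
    links = seven_digit_links(msg)
    in_thread = bool(msg.get("In-Reply-To") or msg.get("References"))
    if not links:
        return "ok", []
    return ("report" if in_thread else "review"), links

# Constructed sample messages (example.test is a reserved test domain).
HIJACKED_REPLY = """\
From: colleague@example.test
Subject: RE: Q3 supplier invoices
In-Reply-To: <abc123@example.test>

Please see the attached document: https://files.example.test/docs/et-2041873.
"""
NORMAL_REPLY = """\
From: colleague@example.test
Subject: RE: Q3 supplier invoices
In-Reply-To: <abc123@example.test>

Ticket is here: https://tracker.example.test/issue/12345678
"""

if __name__ == "__main__":
    for name, raw in (("hijacked", HIJACKED_REPLY), ("normal", NORMAL_REPLY)):
        print(name, triage(raw))
```

A pattern this broad will also match legitimate links, such as order or ticket numbers, so it suits queueing messages for review rather than automatic blocking.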