Ikea is reportedly reeling under an ongoing cyberattack perpetrated through phishing emails sent via compromised Microsoft Exchange servers.
According to BleepingComputer, the homeware giany is alerting its employees of the campaign conducted through the classic reply-all email chain attack.
"There is an ongoing cyber-attack that is targeting Inter Ikea mailboxes. Other Ikea organizations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter Ikea," reads the internal email sent to Ikea employees as seen by BleepingComputer.
The email goes on to explain the modalities of the reply-all email attack, noting that phishing emails can come from co-workers, or from a third-party, in the form of a reply to an already ongoing conversation.
Hijacking internal servers
A recent investigation into the recent SquirrelWaffle malware campaign by cybersecurity experts revealed that attackers have begun using compromised internal email servers that were attacked using a chain of both ProxyLogon and ProxyShell exploits to add legitimacy to the reply-chain email attack.
Researchers at TrendMicro discovered that after compromising the unpatched servers, the attackers hijack internal email chains to add malicious links in legitimate messages.
This makes the attacks difficult to detect, which is something Ikea has also shared with its employees.
Furthermore, while sharing an example of a fraudulent message, Ikea tells its employees that the malicious emails contain links with seven digits at the end. Once spotted the recipients are asked to report the email to Ikea’s IT department immediately.
Shield yourself online with these best identity theft protection services, and ensure your computers are protected with these best endpoint protection tools
