IcedID Phishing Campaign Targets Exchange Servers

IcedID, the ever-evolving banking malware, is back with a phishing campaign that exploits previously compromised Microsoft Exchange servers to send emails that appear to be from real accounts. To spread the modular malware, attackers are employing new stealthy payload-delivery mechanisms.

Researchers from Intezer discovered the campaign earlier this month. It uses thread hijacking to send malicious messages from stolen Exchange accounts, which adds a layer of evasion in service of the campaign’s malicious goal, according to researchers Joakim Kennedy and Ryan Robinson.

According to the researchers, the threat actors behind IcedID, like other spearphishers, have used phishing emails that reuse previously stolen emails to make the bait more attractive.

Read More: https://threatpost.com/exchange-servers-speared-in-icedid-phishing-campaign/179137/