A new email phishing campaign has been observed using conversation hijacking to deliver the IcedID banking trojan, with the lures sent through unpatched, publicly exposed Microsoft Exchange servers that the attackers had compromised.
According to an Intezer report shared with The Hacker News,
The emails use a social engineering technique of conversation hijacking (also known as thread hijacking). A forged reply to a previous stolen email is being used as a way to convince the recipient to open the attachment. This is notable because it increases the credibility of the phishing email and may cause a high infection rate.
The most recent wave of attacks, which began in mid-March 2022, is believed to have targeted businesses in the energy, healthcare, legal, and pharmaceutical industries.
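The report describes the lure as a forged reply to a stolen email. Two header-level signals a mail gateway or SOC can check for that pattern are (a) a reply-style subject that carries no In-Reply-To/References threading headers at all, and (b) threading headers that point at a Message-ID the receiving organization never actually sent. The script below is an added example written for this article, not Intezer's tooling and not derived from the campaign's actual messages; the three sample emails and the `SENT_MESSAGE_IDS` set (standing in for an outbound-mail log) are constructed here, and the "attachment on a reply" check is a generic heuristic, not a documented indicator from the report.

```python
import email
import email.utils
from email import policy
from email.message import EmailMessage

# Constructed stand-in for a log of Message-IDs our own mail servers have sent.
# A real deployment would query the outbound mail log or a message-tracking DB.
SENT_MESSAGE_IDS = {"<sent-1@example.org>", "<sent-2@example.org>"}

REPLY_PREFIXES = ("re:", "fw:", "fwd:", "aw:", "wg:")

# Constructed sample 1: forged reply that references a Message-ID we never sent
# and carries an archive attachment. Not a real campaign message.
SAMPLE_FORGED_REPLY = """From: "Alice" <alice@partner-example.com>
To: bob@example.org
Subject: RE: Invoice for March
Message-ID: <abc123@partner-example.com>
In-Reply-To: <never-sent@example.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hi Bob, please see the attached document as discussed.

> On Mon, Bob wrote:
> Here is the invoice.
--b1
Content-Type: application/zip; name="document.zip"
Content-Disposition: attachment; filename="document.zip"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

# Constructed sample 2: reply-style subject with no threading headers at all.
SAMPLE_NO_THREADING = """From: alice@partner-example.com
To: bob@example.org
Subject: Re: Invoice for March
Message-ID: <xyz789@partner-example.com>
Content-Type: text/plain

Please review and confirm.
"""

# Constructed sample 3: a genuine reply to a message we really sent.
SAMPLE_LEGIT_REPLY = """From: alice@partner-example.com
To: bob@example.org
Subject: RE: Invoice for March
Message-ID: <def456@partner-example.com>
In-Reply-To: <sent-1@example.org>
References: <sent-1@example.org>
Content-Type: text/plain

Thanks Bob, received.
"""


def parse_message(raw: str) -> EmailMessage:
    """Parse raw RFC 5322 text into an EmailMessage (policy.default gives the modern API)."""
    return email.message_from_string(raw, policy=policy.default)


def attachment_names(msg: EmailMessage) -> list:
    """Filenames of parts that are attachments rather than body candidates."""
    return [part.get_filename() for part in msg.iter_attachments() if part.get_filename()]


def thread_hijack_indicators(msg: EmailMessage, sent_message_ids: set) -> list:
    """Return human-readable indicators that a message is a forged reply.

    Only reply-style subjects are examined; a fresh (non-reply) message gets no
    indicators from this function, since it is not claiming to continue a thread.
    """
    indicators = []
    subject = str(msg.get("Subject", "")).strip().lower()
    if not subject.startswith(REPLY_PREFIXES):
        return indicators

    in_reply_to = str(msg.get("In-Reply-To", "")).strip()
    references = str(msg.get("References", "")).split()
    referenced = set(references)
    if in_reply_to:
        referenced.add(in_reply_to)

    if not referenced:
        indicators.append("reply-style subject without In-Reply-To/References headers")
    elif not referenced & sent_message_ids:
        # The sender claims to be replying to us, but to a message we have no record of.
        indicators.append("reply references Message-ID(s) this organization never sent")

    names = attachment_names(msg)
    if names:
        indicators.append("reply carries attachment(s): " + ", ".join(names))
    return indicators


def scan(raw: str) -> list:
    """Convenience wrapper: parse and score one raw message against our sent-ID set."""
    return thread_hijack_indicators(parse_message(raw), SENT_MESSAGE_IDS)


if __name__ == "__main__":
    for label, raw in [("forged", SAMPLE_FORGED_REPLY),
                       ("no-threading", SAMPLE_NO_THREADING),
                       ("legit", SAMPLE_LEGIT_REPLY)]:
        print(label, scan(raw))
```

The Message-ID check is the stronger of the two signals, because a genuine reply to a thread we started must reference an ID that appears in our own outbound log; the "no threading headers" case is weaker (some mobile clients strip them) and is best treated as a scoring input rather than a block decision. Neither check inspects the body, so a forged reply that reuses a real Message-ID from a stolen thread would need content-based detection on top.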
What Is IcedID?
IcedID (also known as BokBot) is a banking trojan that lets attackers steal victims' banking credentials. It was first documented by security researchers in 2017.
It has also served as an initial-access foothold for more serious intrusions, including human-operated ransomware and the deployment of the Cobalt Strike threat emulation framework.
IcedID M.O.
The IcedID banking trojan communicates with a remote command-and-control server and downloads next-stage implants and tools, enabling threat actors to perform follow-on activities and