IceID trojan delivered via hijacked email threads, compromised MS Exchange servers

A threat actor is exploiting vulnerable on-prem Microsoft Exchange servers and using hijacked email threads to deliver the IceID (BokBot) trojan without triggering email security solutions. “The payload has also moved away from using office documents to the use of ISO files with a Windows LNK file and a DLL file. The use of ISO files allows the threat actor to bypass the Mark-of-the-Web controls, resulting in execution of the malware without warning to the … More →

The post …

cryptolaemus don't miss email exchange featured news fortinet hijacked intezer servers trojan