IKEA Hit By Ongoing, Highly Sophisticated Reply-Chain Attack
Exploit: Phishing, Reply-Chain
Company: IKEA
Industry: Retail
Source: https://www.msspalert.com/cybersecurity-breaches-and-attacks/phishing/ikea-cyberattack-details/
IKEA employees are being warned of an ongoing reply-chain phishing attack targeting internal email accounts. Employees are also being cautioned about emails sent from compromised IKEA organizations and business partners.
This version of internal phishing is particularly worrisome because it involves a more sophisticated attack. Threat actors hijack legitimate corporate email chains, then reply to them, inserting a malicious link or document that is ready to install malware on an unsuspecting recipient’s device.
Reply-chain attacks look highly credible because they arrive within legitimate email chains, sent from an internal email account on an internal server whose compromise has gone unnoticed.
At this time, the IKEA attacks are speculated to involve compromised on-premises Microsoft Exchange servers. IKEA’s internal IT teams have been working diligently to describe the email threat. Employees are being told not to open the described emails, regardless of the sender, and to report them immediately to the IT department. Recipients are also being directed to tell the sender of the email, via Microsoft Teams, to report the emails as well.
As reported by BleepingComputer, an internal IKEA email is now circulating, warning employees of the attack with the following statement:
“There is an ongoing cyber-attack that is targeting Inter IKEA mailboxes. Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA.
This means that the attack can come via email from someone that you work with, from any external organisation, and as a reply to an already ongoing conversation. It is therefore difficult to detect, for which we ask you to be extra cautious.”
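Because a reply-chain message arrives from a legitimate sender inside a real thread, a triage check has to look at what the reply adds rather than who sent it. The sketch below is an added example, not code from IKEA or the cited report. It assumes messages are available in delivery order with Message-ID and In-Reply-To headers, and every ID, host and file name in it is constructed.

```python
import re
from email.message import EmailMessage
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def make(mid, parent, body, attachment=None):
    """Build one constructed sample message (IDs, hosts, names are made up)."""
    m = EmailMessage()
    m["Message-ID"] = mid
    if parent:
        m["In-Reply-To"] = parent
    m.set_content(body)
    if attachment:
        m.add_attachment(b"sample", maintype="application", subtype="zip", filename=attachment)
    return m

def url_hosts(msg):
    """Hostnames of every URL in the plain-text body."""
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part else ""
    return {urlparse(u).hostname for u in URL_RE.findall(text)} - {None}

def flag_replies(messages):
    """Flag replies that add a new URL host or an attachment to a known thread."""
    # The sender is deliberately ignored: in a reply-chain attack the message
    # comes from a legitimate but compromised account.
    thread_of, seen_hosts, flagged = {}, {}, []
    for msg in messages:  # assumed to be in delivery order
        mid, parent = str(msg["Message-ID"]), str(msg.get("In-Reply-To", ""))
        is_reply = parent in thread_of
        root = thread_of[parent] if is_reply else mid
        thread_of[mid] = root
        hosts = url_hosts(msg)
        new_hosts = hosts - seen_hosts.setdefault(root, set())
        files = [a.get_filename() for a in msg.iter_attachments()]
        if is_reply and (new_hosts or files):
            flagged.append((mid, sorted(new_hosts), files))
        seen_hosts[root] |= hosts
    return flagged

SAMPLE = [  # constructed thread: m3 and m4 imitate hijacked replies
    make("<m1@corp.example>", None, "Draft: https://files.corp.example/q4.pdf"),
    make("<m2@corp.example>", "<m1@corp.example>", "Read https://files.corp.example/q4.pdf thanks"),
    make("<m3@corp.example>", "<m2@corp.example>", "New copy: http://cdn.unknown-host.example/doc"),
    make("<m4@corp.example>", "<m1@corp.example>", "See attached.", "invoice.zip"),
]

if __name__ == "__main__":
    print(flag_replies(SAMPLE))
```

A hit is a prompt for review, not a verdict: legitimate replies also add new links and files, so the output is best used to prioritise which threads the IT department inspects first.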