Stock Exchange Executive’s Outlook Account Targeted in Credential Theft Attack

**Executive summary:** A highly targeted espionage campaign (Oct 2025–early 2026) compromised a senior executive at a major stock exchange by installing a custom Aspose-based mailbox stealer that converted OST to PST and exfiltrated incremental email archives via Dropbox API and OneDrive; attackers achieved SYSTEM privileges, persisted with a deceptive scheduled task, and left multiple file-hash IoCs.