Cyber espionage campaign targeted stock exchange executive’s Outlook account

**Executive summary:** Attackers maintained covert access to a senior stock exchange executive's Outlook mailbox from October 2025 to March 2026, using an Aspose-based extractor to convert OST files into incremental PST archives and exfiltrating small batches via Dropbox and OneDrive Personal; persistence was achieved through scheduled tasks and masquerading binaries, and the operation appears technically disciplined and likely state-linked despite no firm attribution.