Espionage Campaign Targeted Stock Exchange Executive for Five Months

This report documents a focused, long‑dwell intrusion in which attackers achieved local escalation and persistent access to a host, deployed masquerading binaries and scheduled tasks, and used an Aspose-based mailbox stealer to incrementally extract a single user's Outlook mailbox over five months, exfiltrating data via Dropbox and OneDrive while rotating techniques to evade detection.