Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months
ID: 03e8b104-8053-5385-ab3d-497715db2a1c
STIX ID: report--03e8b104-8053-5385-ab3d-497715db2a1c
Feed Name: The Hacker News
Unknown attackers quietly maintained roughly five months of access to a senior executive's Outlook mailbox at a major global stock exchange. They used a mailbox stealer built on the Aspose .NET library to convert OST/PST files and exfiltrate incremental mailbox exports via Dropbox and OneDrive. They also deployed SYSTEM-level binaries, credential-dumping tools, FRPC tunneling, and scheduled-task persistence to blend activity with normal cloud traffic and avoid detection. Activity was observed from Oct 2025 through Mar 2026, and a staged backdoor was found in March.
