Ikea email systems bombarded by phishing attacks

Close up of a person touching an email icon.
(Image credit: Geralt / Pixabay)

Ikea is reportedly reeling under an ongoing cyberattack perpetrated through phishing emails sent via compromised Microsoft Exchange servers.

According to BleepingComputer, the homeware giany is alerting its employees of the campaign conducted through the classic reply-all email chain attack.

"There is an ongoing cyber-attack that is targeting Inter Ikea mailboxes. Other Ikea organizations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter Ikea," reads the internal email sent to Ikea employees as seen by BleepingComputer.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> <a href="https://project.tolunastart.com/tqsruntime/main?surveyData=LFFFsT0HpgsyUe0tTFumBJohXK8Sedt0ARpsCF4DRGR+oCoVbvd+2+d8+UNIIx4L" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

The email goes on to explain the modalities of the reply-all email attack, noting that phishing emails can come from co-workers, or from a third-party, in the form of a reply to an already ongoing conversation. 

Hijacking internal servers

A recent investigation into the recent SquirrelWaffle malware campaign by cybersecurity experts revealed that attackers have begun using compromised internal email servers that were attacked using a chain of both ProxyLogon and ProxyShell exploits to add legitimacy to the reply-chain email attack.

Researchers at TrendMicro discovered that after compromising the unpatched servers, the attackers hijack internal email chains to add malicious links in legitimate messages.

This makes the attacks difficult to detect, which is something Ikea has also shared with its employees.

Furthermore, while sharing an example of a fraudulent message, Ikea tells its employees that the malicious emails contain links with seven digits at the end. Once spotted the recipients are asked to report the email to Ikea’s IT department immediately.

Shield yourself online with these best identity theft protection services, and ensure your computers are protected with these best endpoint protection tools

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.