
Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months

thehackernews.com 2026-06-04 fintech AI risk High

What Happened

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black's Threat Hunter Team reported the campaign this week. This points to espionage, not a money grab:

Why It Matters

Reported facts: Symantec and Carbon Black detail that unknown attackers maintained access to a senior executive’s Outlook mailbox at a major global stock exchange for about five months, incrementally exfiltrating the entire inbox via Dropbox and OneDrive to blend into normal cloud traffic, in what is assessed as an espionage-focused campaign rather than direct financial theft.[1][2] This indicates long dwell time, stealthy cloud exfiltration, and highly sensitive financial communications at risk.

CyberSE.AI analysis: For AI-enabled fintech and capital markets workflows that ingest executive email and cloud data (for research, trading signals, risk models, or agentic assistants), this kind of persistent mailbox compromise directly increases the risk of AI systems learning from or acting on adversary-tampered data, and of sensitive model inputs being exposed. A focused AI Security Readiness Assessment can help financial institutions map where AI touches executive communications and trading-relevant data, harden identity and cloud telemetry around those flows, and define controls to prevent compromised mailboxes or cloud channels from poisoning AI-driven decision-making or leaking con


CyberSE Analysis

This signal maps to fintech AI risk. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.
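A detection sketch for the exfiltration pattern reported above (small, repeated batches sent to Dropbox and OneDrive over months), added here as an example and not taken from the Symantec and Carbon Black report. The record layout, process names, host suffix list and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

# Assumed suffix list for the two services named in the report.
CLOUD = {"dropbox": ("dropbox.com", "dropboxapi.com"),
         "onedrive": ("onedrive.live.com", "sharepoint.com")}
# Assumption: official sync clients are baselined by a separate rule.
SYNC_CLIENTS = {"dropbox.exe", "onedrive.exe"}

def classify(host):
    """Map a destination host to a cloud storage service, or None."""
    for svc, suffixes in CLOUD.items():
        if any(host == s or host.endswith("." + s) for s in suffixes):
            return svc
    return None

def find_slow_exfil(events, min_days=10, min_span=60, max_daily=50_000_000):
    """Flag (user, process, service) tuples that upload on many days across
    a long window while every single day stays small, which a per-day
    volume threshold alone would not surface."""
    daily = defaultdict(lambda: defaultdict(int))
    for day, user, proc, host, nbytes in events:
        svc = classify(host)
        if svc is None or proc.lower() in SYNC_CLIENTS:
            continue
        daily[(user, proc.lower(), svc)][day] += nbytes
    hits = []
    for (user, proc, svc), days in daily.items():
        span = (max(days) - min(days)).days
        if len(days) >= min_days and span >= min_span and max(days.values()) <= max_daily:
            hits.append({"user": user, "process": proc, "service": svc,
                         "active_days": len(days), "span_days": span,
                         "total_bytes": sum(days.values())})
    return sorted(hits, key=lambda h: -h["span_days"])

def sample_events():
    """Constructed telemetry: (day, user, process, dest_host, bytes_out)."""
    ev, start = [], date(2026, 1, 5)
    for week in range(20):
        d = start + timedelta(weeks=week)
        ev.append((d, "exec1", "proc_a.exe", "content.dropboxapi.com", 8_000_000))
        ev.append((d + timedelta(days=3), "exec1", "proc_a.exe", "contoso-my.sharepoint.com", 6_000_000))
        ev.append((d, "analyst2", "OneDrive.exe", "contoso-my.sharepoint.com", 300_000_000))
    ev.append((start, "analyst2", "chrome.exe", "www.dropbox.com", 2_000_000))
    return ev

if __name__ == "__main__":
    for hit in find_slow_exfil(sample_events()):
        print(hit)
```

Tune `min_days`, `min_span` and `max_daily` against your own proxy or EDR baseline before alerting on the output.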

Source

https://thehackernews.com/2026/06/hackers-spied-on-stock-exchange.html
