Hackers Target Global Stock Exchange in Espionage Operation

Hackers gained access to the email account of a senior executive at a major global stock exchange and exfiltrated data for months.

The attack, investigated by Broadcom’s Symantec and Carbon Black threat-hunting team, began in October 2025, and the threat actor retained access to the compromised Outlook mailbox until March 2026. The security experts estimate that the dwell time was roughly 150 days.

The goal of the operation was most likely espionage, but Symantec and Carbon Black did not share any information about who may have been behind the attack or which stock exchange was targeted.

“For an espionage actor, a senior executive’s mailbox is a high-value intelligence target. An Outlook profile may yield details of external negotiations, internal deliberations, the executive’s calendar, travel pattern, and their contacts,” the researchers said.

“Organizations such as exchanges and regulators may hold non-public information about listings, enforcement actions and market-moving events. Months of unfettered access to that mailbox lets an attacker build a near-complete picture of the target’s working life and the organization’s near-term direction without ever having to move laterally elsewhere on the network,” they added.