Security news platform Bleeping Computer reported on 26^th November 2021 that IKEA is facing a cyber-attack where threat actors are targeting Employees in IKEA in phishing attacks using stolen reply-chain emails. (Reply-chain email attack happens when attackers steal legitimate email accounts and sending emails through that compromised email accounts/internal servers. So, that recipients trust the email and are likely to open the malicious documents attached)

IKEA is a multinational conglomerate headquartered in Netherlands. It’s famous for designing and selling kitchen appliance, furniture, and home accessories, among other goods and home services.

“In internal emails seen by BleepingComputer, IKEA is warning employees of an ongoing reply-chain phishing cyber-attack targeting internal mailboxes. These emails are also being sent from other compromised IKEA organizations and business partners.” Reported bleeping computer in their report.

“There is an ongoing cyber-attack that is targeting Inter IKEA mailboxes. Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA. This means that the attack can come via email from someone that you work with, from any external organisation, and as a reply to an already ongoing conversation. It is therefore difficult to detect, for which we ask you to be extra cautious.” mentioned in an internal email sent to IKEA employees

IKEA team warns its employees about these reply chain emails and advised employees not to open open any kind of suspicious emails. IKEA also have disabled the ability for employees to release email from the quarantine so that the malicious emails are not released by a mistake of a employee.

“Our email filters can identify some of the malicious emails and quarantine them. Due to that the email could be a reply to an ongoing conversation, it’s easy to think that the email filter made a mistake and release the email from quarantine. We are therefore until further notice disabling the possibility for everyone to release emails from quarantine,” IKEA message to employees.

Currently IKEA has not disclosed whether the internal servers were compromised.

Reference

https://www.bleepingcomputer.com/news/security/ikea-email-systems-hit-by-ongoing-cyberattack/