A small UK business had its server secretly hijacked by cybercriminals who used it to fire off nearly nine million phishing emails impersonating Boots, and security researchers say the attackers went largely undetected because they never touched the victim’s data at all.
The story, uncovered by cybersecurity firm Huntress, offers a striking example of how sophisticated fraudsters operate today: renting other people’s infrastructure rather than building their own, staying under the radar by avoiding the ransomware deployments that typically trigger alarms.
“The Devils” Get To Work
When Huntress installed its monitoring software on a client’s network on 15 May 2026, it had no idea it was stepping into an active intrusion. By the early hours of the following morning, analysts spotted an RDP login from Romania and started pulling on threads.
What…