Researchers at security firm Cyphort have uncovered a five-year-old attack campaign that has quietly gone about the business of stealing user credentials for Dropbox, Facebook, and other applications unnoticed until now. The so-called NightHunter attack uses SMTP email for exfiltrating data rather than “more common CnC (command and control) mechanisms that use web protocols” The attackers used messages disguised as emails about a variety of topics with subject lines such as “Purchase Order” and “Inquiry””]