![]() ![]() “This actor has been tenacious in its targeting of American and European officials as well as military and diplomatic personnel in Europe,” a threat researcher from security firm Proofpoint said in March when disclosing the attacks exploiting the Zimbra vulnerability. Those attacks also exfiltrated targets’ emails but exploited a separate, already-patched XSS in Zimbra Collaboration, a software package that’s also used to host webmail portals. In March, the threat group was spotted targeting US government officials who had voiced support for Ukraine in its bid to drive back Russia’s invasion. The vulnerability is tracked as CVE-2023-5631 and affects Roundcube versions 1.6.x before 1.6.4, 1.5.x before 1.5.5, and 1.4.x before 1.4.15.įurther Reading Pro-Russian hackers target elected US officials supporting UkraineWinter Vivern has been operating since at least 2020 and targets governments and think tanks, primarily in Europe and Central Asia. ESET reported the zero-day vulnerability to Roundcube developers on the same day, and they issued a patch on October 14. The attacks began on October 11, and ESET detected them a day later. “No manual interaction other than viewing the message in a web browser is required.” “In summary, by sending a specially crafted email message, attackers are able to load arbitrary JavaScript code in the context of the Roundcube user’s browser window,” ESET researcher Matthieu Faou wrote. The injection was triggered simply by viewing a malicious email, which caused the server to send emails from selected targets to a server controlled by the threat actor. Members of a pro-Russia and Belarus hacking group tracked as Winter Vivern used the XSS bug to inject JavaScript into the Roundcube server application. ![]() The previously unknown vulnerability resulted from a critical cross-site scripting error in Roundcube, a server application used by more than 1,000 webmail services and millions of their end users. A relentless team of pro-Russia hackers has been exploiting a zero-day vulnerability in widely used webmail software in attacks targeting governmental entities and a think tank, all in Europe, researchers from security firm ESET said on Wednesday.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |