Pro-Russia group exploits Roundcube zero-day in attacks on European government emails

Trending 1 month ago
  1. Home
  2. Security
  3. Pro-Russia group exploits Roundcube zero-day in attacks on European government emails

The Winter Vivern cyber spy group is exploiting an XSS zero-day vulnerability successful attacks connected European governments.

Researchers astatine ESET, who discovered nan activity, didn't sanction nan circumstantial authorities entities it targeted but fixed Winter Vivern's nexus to Russia and Belarus, they are apt to beryllium adversaries of those countries.

Tracked arsenic CVE-2023-5631, nan zero-day was recovered successful nan free and open-source webmail customer Roundcube. ESET reported nan vulnerability to nan Roundcube squad connected October 12 and a spot was developed 2 days later.

The utilization started pinch a convincing-looking phishing email that aimed to spoof nan Microsoft Outlook team. The show sanction was group arsenic "Team Outlook" but 1 giveaway was a typo successful nan spoofed email reside "team.managment@outlook.com." 

All a unfortunate was required to do was unfastened nan email successful a web browser, nan taxable statement of which was "Get started successful your Outlook," and a malicious payload would beryllium launched. It was hidden successful an SVG tag astatine nan extremity of nan email's HTML root code.

JavaScript codification would past beryllium loaded to enumerate folders and emails wrong nan victim's Roundcube relationship and nonstop nan messages backmost to nan attackers utilizing their C2 server.

"Despite nan debased sophistication of nan group's toolset, it is simply a threat to governments successful Europe because of its persistence, very regular moving of phishing campaigns, and because a important number of internet-facing applications are not regularly updated though they are known to incorporate vulnerabilities," ESET said.

Winter Vivern has exploited known vulnerabilities successful Roundcube and Zimbra for its espionage campaigns since 2022, but this zero-day study shows an advancement successful its operations, according to nan researchers.

For example, researchers observed Winter Vivern exploiting CVE-2020-35730 arsenic precocious arsenic August and September, contempt nan vulnerability being 3 years old.

Fancy Bear, nan precocious persistent threat group (APT) believed to person ties pinch Russia's GRU, was besides spotted exploiting nan aforesaid aged XSS vulnerability successful Roundcube, and sometimes targeting nan aforesaid victims arsenic Winter Vivern.

The group is known for chiefly targeting entities successful Europe and Central Asia, but earlier this twelvemonth had attacks against US authorities officials, arsenic good arsenic European lawmakers, pinned to it.

  • Ex-NSA techie pleads blameworthy to trading authorities secrets to Russia
  • After six days and thousands of pwned users, Cisco poised to spot IOS XE flaw
  • International Criminal Court blames spies for 'targeted and blase attack'
  • Mimecast bins SolarWinds and compromised servers alike successful aftermath of proviso concatenation hack

In this case, officials from an array of different European governments were targeted by nan "scrappy" group, arsenic 1 interrogator put it, and its wide exploitation of a one-year-old Zimbra XSS vulnerability.

Tom Hegel, elder threat interrogator astatine SentinelOne, said astatine nan clip that Winter Vivern recovered occurrence successful campaigns pinch constricted resources, and showed precocious degrees of productivity erstwhile it came to solving problems.

The group is believed to person begun operations successful 2020 aft DomainTools discovered it successful 2021. ®

Related Article

60 US credit unions offline after ransomware infects backend cloud outfit

60 US credit unions offline after ransomware infects backend cloud outfit

21 hours ago
Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks

Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks

23 hours ago
UEFI flaws allow bootkits to pwn potentially hundreds of devices using images

UEFI flaws allow bootkits to pwn potentially hundreds of devices using images

1 day ago
US readies prison cell for another Russian Trickbot developer

US readies prison cell for another Russian Trickbot developer

1 day ago
Regulator says stranger entered hospital, treated a patient, took a document ... then vanished

Regulator says stranger entered hospital, treated a patient, took a document ... then vanished

1 day ago
Interpol makes first border arrest using Biometric Hub to ID suspect

Interpol makes first border arrest using Biometric Hub to ID suspect

1 day ago

Trending

1. Marquette basketball
2. Texas vs Oklahoma State
3. TOLEDO FOOTBALL
4. Northwestern basketball
5. Real Madrid
6. Michigan vs Iowa
7. College Football Playoff
8. Fortnite event
9. Arsenal vs Wolves
10. Montenegro

Popular Article

Fiio KB3 infuses a mechanical keyboard with a hi-res DAC

Fiio KB3 infuses a mechanical keyboard with a hi-res DAC

23 hours ago
The Week in Ransomware - December 1st 2023 - Police hits affiliates

The Week in Ransomware - December 1st 2023 - Police hits affiliates

23 hours ago
5 great Christmas TV shows to watch in December

5 great Christmas TV shows to watch in December

22 hours ago
The best Christmas movies on Max (December 2023)

The best Christmas movies on Max (December 2023)

23 hours ago
How to keep your laptop battery healthy and extend its life

How to keep your laptop battery healthy and extend its life

22 hours ago
The best movies on Apple TV+ right now (December 2023)

The best movies on Apple TV+ right now (December 2023)

6 hours ago
English (US) English (US) · Indonesian (ID) Indonesian (ID) ·
About Us · Contact Us · Terms & Conditions · Disclaimer ·

©2023 PAK MEDIA BLOG.
All Rights Reserved.