Skip to content
Sign In Subscribe
Cybersecurity | english only |CybersecurityNews

Russian Winter Vivern hackers exploit Zimbra flaw to steal NATO emails

 and  Katalin Béres
1 min read

Table of Contents

A Russian hacking group tracked as TA473, aka 'Winter Vivern,' has been actively exploiting vulnerabilities in unpatched Zimbra endpoints since February 2023 to steal the emails of NATO officials, governments, military personnel, and diplomats.
Two weeks ago, Sentinel Labs reported on a recent operation by 'Winter Vivern' using sites mimicking European agencies fighting cybercrime to spread malware that pretends to be a virus scanner.
Today, Proofpoint has published a new report on how the threat actor exploits CVE-2022-27926 on Zimbra Collaboration servers to access the communications of NATO-aligned organizations and persons.
Despite researchers stating that 'Winter Vivern' is not particularly sophisticated, they follow an effective operational approach that works even against high-profile targets who fail to apply software patches quickly enough.
Considering that the earliest attacks were observed in February 2023, the delay in applying the security update is measured to at least ten months.
Winter Vivern hackers exploit Zimbra flaw to steal NATO emails
A Russian hacking group tracked as TA473, aka ‘Winter Vivern,’ has been actively exploiting vulnerabilities in unpatched Zimbra endpoints since February 2023 to steal the emails of NATO officials, governments, military personnel, and diplomats.
BleepingComputerBill Toulas
Full article can be read here

#Campaign #Vulnerability #IoCs

Related

Hacked: Russian GRU officer wanted by the FBI, leader of the hacker group APT 28
Cybersecurity | english only |

Hacked: Russian GRU officer wanted by the FBI, leader of the hacker group APT 28

Ukrainian hacktivist team Cyber Resistance hacked the email of Lieutenant Colonel Sergey Alexandrovich Morgachev, an officer of the Russian Main Intelligence Directorate of the General Staff of the Russian Army (GRU), leader of the Russian hacker group APT 28, consisting of officers of the 85th Main Special Service Center of

 and  Katalin Béres
Members Public
Supply Chain Attack Against Customers Of Business Phone Provider 3CX Using Trojanized 3CX Desktop App
Cybersecurity | english only |

Supply Chain Attack Against Customers Of Business Phone Provider 3CX Using Trojanized 3CX Desktop App

Hackers may have compromised the networks of thousands of businesses due to a supply-chain attack on the enterprise phone company 3CX, which confirmed on Thursday its desktop app had been bundled with malware. 3CX provides office phone systems to more than 12 million daily users at over 600,000 companies,

 and  Katalin Béres
Members Public
Analysis of the "#VulkanFiles" Leak
Cybersecurity | english only |

Analysis of the "#VulkanFiles" Leak

A whistleblower has provided several media organizations with access to leaked documents from a Russian IT firm named NTC Vulkan (Russian: НТЦ Вулкан) that allegedly show how the firm supports Russia's military and intelligence agencies with cyber warfare tools. Journalists from Der Spiegel and Munich-based investigative group Paper

 and  Katalin Béres
Members Public

Latest

2024-117: Zero-Day Vulnerabilities in Palo Alto Networks PAN-OS
News

2024-117: Zero-Day Vulnerabilities in Palo Alto Networks PAN-OS

Palo Alto Networks released security updates for two actively exploited zero-day vulnerabilities in Palo Alto Networks PAN-OS. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to gain administrator privileges, or a PAN-OS administrator to perform actions on the firewall with root privileges. It recommended applying the updates and

 and  Ferenc Fresz
Members Public
Modern zsarolóvírusok
Ransomware

Modern zsarolóvírusok

A Magyar Védelmi Beszerzési Ügnynökséget az INC Ransom csoport támadta és zsarolta meg 2024. októberében. Az elmúlt időszakban megszaporodtak azok a magyarországi zsarolóvírus támadások, amelyek során az INC és a vele csaknem 71%-ban azonos Lynx zsarolóvírusokat használták a támadók.

 and  Ferenc Fresz
Members Public