Since February 2023, a Russian hacking group known as TA473, also identified as “Winter Vivern,” has been actively stealing the emails of NATO leaders, governments, soldiers, and diplomats by taking advantage of flaws in unpatched Zimbra endpoints.
Sentinel Labs published a report on ‘Winter Vivern’s’ recent operation two weeks ago, detailing how the group propagated malware that poses as a virus scanner by imitating websites run by European organisations that fight online crime.
The threat actor used Zimbra Collaboration servers to exploit CVE-2022-27926, according to a new report released by Proofpoint today. This vulnerability allowed the threat actor to access the communications of individuals and organisations that are NATO allies.
Taking aim at Zimbra
Before launching a Winter Vivern attack, the threat actor first uses the Acunetix tool vulnerability scanner
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: