
The Cyber Security News


Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users

February 4, 2022

A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that began in December 2021.

The espionage operation, codenamed “EmailThief”, was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the cross-site scripting (XSS) vulnerability could result in the execution of arbitrary JavaScript code in the context of the user’s Zimbra session.

Volexity attributed the intrusions, which began on December 14, 2021, to a previously undocumented hacking group it is tracking under the moniker TEMP_HERETIC, with the attacks aimed at European government and media entities. The zero-day bug affects the most recent open-source edition of Zimbra running version 8.8.15.


The attacks are believed to have occurred in two phases: the first phase aimed at reconnaissance and distributing emails designed to keep tabs on whether a target received and opened the messages. In the subsequent phase, multiple waves of email messages were broadcast to trick the recipients into clicking a malicious link.

“For the attack to be successful, the target would have to visit the attacker’s link while logged into the Zimbra webmail client from a web browser,” Steven Adair and Thomas Lancaster noted. “The link itself, however, could be launched from an application to include a thick client, such as Thunderbird or Outlook.”


The unpatched flaw, should it be weaponized, could be abused to exfiltrate cookies to allow persistent access to a mailbox, send phishing messages from the compromised email account to widen the infection, and even facilitate the download of additional malware.


“None of the infrastructure identified […] exactly matches infrastructure used by previously classified threat groups,” the researchers said. “However, based on the targeted organization and specific individuals of the targeted organization, and given the stolen data would have no financial value, it is likely the attacks were undertaken by a Chinese APT actor.”

“Users of Zimbra should consider upgrading to version 9.., as there is currently no secure version of 8.8.15,” the company added.


Some parts of this article are sourced from:
thehackernews.com
