The menace actor identified as Wintertime Vivern has been observed exploiting a zero-working day flaw in Roundcube webmail software package on October 11, 2023, to harvest email messages from victims’ accounts.
“Wintertime Vivern has stepped up its functions by utilizing a zero-working day vulnerability in Roundcube,” ESET security researcher Matthieu Faou claimed in a new report published right now. Beforehand, it was using recognised vulnerabilities in Roundcube and Zimbra, for which proofs-of-notion are accessible on the net.”
Winter Vivern, also identified as TA473 and UAC-0114, is an adversarial collective whose targets align with that of Belarus and Russia. Above the past couple months, it has been attributed to attacks against Ukraine and Poland, as effectively as governing administration entities throughout Europe and India.
The group is also assessed to have exploited a different flaw Roundcube previously (CVE-2020-35730), producing it the next country-state group right after APT28 to goal the open-source webmail software program.
“Despite the small sophistication of the group’s toolset, it is a menace to governments in Europe because of its persistence, incredibly normal running of phishing strategies, and for the reason that a major variety of internet-experiencing applications are not consistently up to date even though they are identified to have vulnerabilities,” Faou said.
Discovered this article exciting? Observe us on Twitter and LinkedIn to examine extra exclusive material we publish.
Some sections of this posting are sourced from: