• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new wave of attack campaign targeting zimbra email users for

New Wave of Attack Campaign Targeting Zimbra Email Users for Credentials Theft

You are here: Home / General Cyber Security News / New Wave of Attack Campaign Targeting Zimbra Email Users for Credentials Theft
August 18, 2023

A new “mass-spreading” social engineering marketing campaign is focusing on customers of the Zimbra Collaboration email server with an goal to accumulate their login qualifications for use in stick to-on operations.

The action, energetic because April 2023 and nevertheless ongoing, targets a vast vary of smaller and medium companies and governmental entities, most of which are situated in Poland, Ecuador, Mexico, Italy, and Russia. It has not been attributed to any recognised threat actor or team.

“At first, the focus on gets an email with a phishing webpage in the hooked up HTML file,” ESET researcher Viktor Šperka mentioned in a report. “The email warns the target about an email server update, account deactivation, or related issue and directs the user to click on on the attached file.”

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Cybersecurity

The messages also spoof the from handle to appear as if they are coming from a Zimbra administrator in a most likely try to influence the recipients into opening the attachment.

The HTML file has a Zimbra login site tailor-made to the targeted business, with the Username industry prefilled with the victim’s email handle to make it appear a lot more authentic. When the qualifications are entered, they are collected from the HTML sort and sent via a HTTPS Article ask for to an actor-controlled server.

What helps make the attacks stand out is their skill to propagate even further. Subsequent phishing waves have leveraged accounts of previously focused, genuine providers, suggesting that the infiltrated administrator accounts related with those victims were being made use of to ship e-mails to other entities of interest.

Cybersecurity

“One particular rationalization is that the adversary depends on password reuse by the administrator qualified by means of phishing – i.e., applying the similar credentials for the two email and administration,” Šperka pointed out.

When the marketing campaign is not technically refined, it banking institutions on the reality that “HTML attachments consist of legit code, and the only telltale aspect is a hyperlink pointing to the destructive host” which is embedded in the supply code.

“This way, it is considerably a lot easier to circumvent popularity-primarily based anti-spam policies, when compared to phishing methods in which a malicious backlink is immediately placed in the email body,” Šperka reported.

Found this report appealing? Stick to us on Twitter  and LinkedIn to study extra exclusive written content we post.


Some parts of this short article are sourced from:
thehackernews.com

Previous Post: «new blackcat ransomware variant adopts advanced impacket and remcom tools New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools
Next Post: The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack the vulnerability of zero trust: lessons from the storm 0558»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
  • Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
  • CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
  • Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk
  • ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Copyright © TheCyberSecurity.News, All Rights Reserved.