Hackers exploit Zimbra vulnerability, comprise nearly 900 servers

Share post:

A security vulnerability in the Zimbra Collaboration Suite (ZCS) vulnerability tracked as CVE-2022-41352, has been exploited by hackers to hack into nearly 900 servers.

A proof-of-concept (PoC) has been added to the Metasploit framework, allowing unprofessional attackers to exploit the vulnerability.

The Zimbra vulnerability is a remote code execution flaw that allows an attacker to send an email with a malicious archive attachment that places a web shell in the Zimbra Collaboration Suite server, bypassing antivirus.

Kaspersky researchers identified at least 876 servers that had been compromised by attackers exploiting the vulnerability before it was publicized. After it was reported, various threat groups attempted to exploit the flaw.

Although Zimbra had released a security fix with ZCS version 9.0.0 P27, attackers continue to launch opportunistic attacks to exploit the vulnerability.

According to Kaspersky, the first attacks that exploited vulnerable Zimbra servers began in September in India and Turkey. Researchers believe that the first wave of attacks was likely a test wave against low-interest targets to test their effectiveness.

The attackers comprised 44 servers during the first wave, and for the second wave, after the bug became public, the threat actors switched gears and began mass attacks, resulting in 832 servers being compromised with malicious webshells.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

New SMS Phishing Scam Targets U.S. Toll Road Users with Fake Payment Alerts

Brian Krebs of the Krebs on Security blog did a big piece leading with how residents across the...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways