Russian hacker group steals Emails of NATO officials and diplomats

Share post:

Since February 2023, a Russian hacking gang known as TA473 or ‘Winter Vivern’ has targeted unpatched Zimbra endpoints in order to collect the emails of NATO officials, governments, military people, and diplomats. The gang has been aggressively exploiting the CVE-2022-27926 vulnerability in Zimbra Collaboration servers to get access to NATO-aligned organizations’ and individuals’ communications.

Sentinel Labs previously reported on the group’s latest operation two weeks ago, in which they utilized websites that mimicked European cybercrime agency to disseminate malware disguised as a virus scanner. Proofpoint has recently published a study outlining how the gang exploits the CVE-2022-27926 vulnerability in Zimbra Collaboration servers to gain access to high-profile targets’ emails.

According to the Proofpoint report, the hackers begin their attack by scanning for unpatched webmail platforms with the Acunetix tool vulnerability scanner. They send a phishing email from a compromised account that looks to be from someone the victim knows or is significant to their company after they find a vulnerable Zimbra endpoint. The email contains a link that exploits the CVE-2022-27926 vulnerability by injecting JavaScript payloads into the compromised Zimbra infrastructure of the target.

These payloads are then used to collect usernames, passwords, and tokens from cookies sent by the hacked Zimbra endpoint, granting the hackers full access to the targets’ email accounts.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, March 29, 2024 – PyPI repository shuts to stop malicious uploads, a plea to developers to stop creating apps with SQL...

This episode reports on a US$10 million reward for a ransomware gang, a new Linux version of a backdoor

Cyber Security Today, March 27, 2024 – A botnet exploits old routers, a new malware loader discovered, and more warnings about downloading code from...

This episode reports on a new network of 40,000 infected small and home office routers and other devices that are part of a criminal botnet

Cyber Security Today, March 25, 2024 – A suspected China threat actor going after unpatched F5 and ScreenConnet installations

This episode reports on a new campaign stealing email passwords ,the latest data breaches

A hacker’s view of the civic infrastructure: Hashtag Trending, the Weekend Edition for March 23rd, 2024

What does the civic infrastructure look like through the eyes of a hacker? The legendary general Sun Tzu in the Art of War said that in order to defeat your enemy, you must first understand your enemy. How do you do this? He said, “to know your enemy, you must become your enemy.” If we

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways