Russian hacker group steals Emails of NATO officials and diplomats

Share post:

Since February 2023, a Russian hacking gang known as TA473 or ‘Winter Vivern’ has targeted unpatched Zimbra endpoints in order to collect the emails of NATO officials, governments, military people, and diplomats. The gang has been aggressively exploiting the CVE-2022-27926 vulnerability in Zimbra Collaboration servers to get access to NATO-aligned organizations’ and individuals’ communications.

Sentinel Labs previously reported on the group’s latest operation two weeks ago, in which they utilized websites that mimicked European cybercrime agency to disseminate malware disguised as a virus scanner. Proofpoint has recently published a study outlining how the gang exploits the CVE-2022-27926 vulnerability in Zimbra Collaboration servers to gain access to high-profile targets’ emails.

According to the Proofpoint report, the hackers begin their attack by scanning for unpatched webmail platforms with the Acunetix tool vulnerability scanner. They send a phishing email from a compromised account that looks to be from someone the victim knows or is significant to their company after they find a vulnerable Zimbra endpoint. The email contains a link that exploits the CVE-2022-27926 vulnerability by injecting JavaScript payloads into the compromised Zimbra infrastructure of the target.

These payloads are then used to collect usernames, passwords, and tokens from cookies sent by the hacked Zimbra endpoint, granting the hackers full access to the targets’ email accounts.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways