Russian hacker group steals Emails of NATO officials and diplomats

Share post:

Since February 2023, a Russian hacking gang known as TA473 or ‘Winter Vivern’ has targeted unpatched Zimbra endpoints in order to collect the emails of NATO officials, governments, military people, and diplomats. The gang has been aggressively exploiting the CVE-2022-27926 vulnerability in Zimbra Collaboration servers to get access to NATO-aligned organizations’ and individuals’ communications.

Sentinel Labs previously reported on the group’s latest operation two weeks ago, in which they utilized websites that mimicked European cybercrime agency to disseminate malware disguised as a virus scanner. Proofpoint has recently published a study outlining how the gang exploits the CVE-2022-27926 vulnerability in Zimbra Collaboration servers to gain access to high-profile targets’ emails.

According to the Proofpoint report, the hackers begin their attack by scanning for unpatched webmail platforms with the Acunetix tool vulnerability scanner. They send a phishing email from a compromised account that looks to be from someone the victim knows or is significant to their company after they find a vulnerable Zimbra endpoint. The email contains a link that exploits the CVE-2022-27926 vulnerability by injecting JavaScript payloads into the compromised Zimbra infrastructure of the target.

These payloads are then used to collect usernames, passwords, and tokens from cookies sent by the hacked Zimbra endpoint, granting the hackers full access to the targets’ email accounts.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Sleeper Supply Chain Attack Activates After 6 Years

A coordinated supply chain attack has compromised between 500 and 1,000 e-commerce websites by exploiting vulnerabilities in 21...

Russian-Controlled Open Source Tool Raises Alarms Over U.S. Cybersecurity

A widely used open-source Go library, easyjson, used in healthcare, finance and even defence has come under scrutiny...

Signal Archiving Tool Used By Trump Admin Is Breached, Raising Alarms Over Messaging Security (EDITORIAL)

(EDITORIAL) A messaging tool used by Trump administration officials to archive encrypted Signal messages has been hacked —...

Anthropic Warns: AI “Virtual Employees” Could Pose Security Risks Within a Year

Anthropic, a leading artificial intelligence company, anticipates that AI-powered virtual employees could begin operating within corporate networks as...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways