Pro-Russia cyber gang Winter Vivern puts US, Euro lawmakers in line of fire
TA473 is hyperlinking a benign URL in the body of a phishing email with a URL that leverages CVE-2022-27926. The malicious URL uses the webmail domain that has a vulnerable Zimbra Collaboration Suite instance and appends an arbitrary hexadecimal encoded or plaintext JavaScript snippet, which is executed as an error parameter when it is received in the initial web request.
The threat hunters say they spotted Winter Vivern deploying the malicious JavaScript on"European governmental organizations" last month – they won't identify which ones. And the criminals used the campaigns to steal officials' usernames, passwords and active CSR tokens. They then cached the stolen data in the attacker-controlled server, and logged in to legitimate mail portals using the stolen credentials and tokens.
Proofpoint concurs with SentinalOne's assessment of Winter Vivern. While it may not be the most sophisticated APT crew, its scrappy, keep-at-it attitude – and using a repeatable process for breaking into high-profile geopolitical targets – keeps paying dividends. "TA473's persistent approach to vulnerability scanning and exploitation of unpatched vulnerabilities impacting publicly facing webmail portals is a key factor in this actor's success," Proofpoint observed.
The security researchers also"strongly recommend" patching all versions of Zimbra Collaboration used in publicly facing webmail portals. Again, it's worth noting that a fix for this flaw under active exploitation has been available for a year. ®
Deutschland Neuesten Nachrichten, Deutschland Schlagzeilen
Similar News:Sie können auch ähnliche Nachrichten wie diese lesen, die wir aus anderen Nachrichtenquellen gesammelt haben.
European Gas Prices Extend Gains As French Strikes Block LNG Imports | OilPrice.comNationwide strikes in France and the expectation of a colder-than-normal April are pushing European natural gas prices higher.
Weiterlesen »
More private jets took off from UK than any other European country in 2022, study findsThe UK can claim the most flights and the most emissions as well as the busiest and most carbon-intensive routes, aviation experts said.
Weiterlesen »
Spain’s inflation almost halves to 3.1% as European energy prices slide\n\t\t\tKeep abreast of significant corporate, financial and political developments around the world.\n\t\t\tStay informed and spot emerging risks and opportunities with independent global reporting, expert\n\t\t\tcommentary and analysis you can trust.\n\t\t
Weiterlesen »
Spain’s inflation almost halves to 3.1% as European energy prices slide\n\t\t\tJournalists in 50+ countries follow the constant flow of money made and lost in oil & gas while\n\t\t\ttracking emerging trends and opportunities in the future of energy. Don’t miss our exclusive\n\t\t\tnewsletter, Energy Source.\n\t\t
Weiterlesen »
Sticky inflation confirms there is more for the European Central Bank to doSky's Ian King casts his eye over the latest inflation figures coming out of the euro area, which show a mixed picture for the policymakers in Frankfurt to grapple.
Weiterlesen »
Easter holidays to popular European destinations at risk as Heathrow strikes beginEaster holidays to popular European destinations including Amsterdam, Nice and Prague are at risk for thousands of Britons as strikes by French air traffic controllers and Heathrow security staff forced the cancellation of scores of flights
Weiterlesen »