October 27, 2023 at 7:20 am
Winter Vivern, believed to be a Belarus-aligned hacker, attacked European government entities and a think tank starting on Oct. 11, according to an Ars Technica report Wednesday. ESET Research discovered the hack that exploited a zero-day vulnerability in Roundcube, a webmail server with millions of users, and allowed the pro-Russian group to exfiltrate sensitive emails.
Roundcube patched the XSS vulnerability on Oct. 14, two days after ESET Research reported it. Winter Vivern sent users malicious code disguised in an innocent-looking email from team.management@outlook.com. A user only had to view the message in a web browser for the hacker to gain access to all of their emails. Winter Vivern is a cyberespionage group that has been active since at least 2020, targeting governments in Europe and Central Asia.
“Despite the low sophistication of the group’s toolset, it is a threat to governments in Europe because of its persistence, very regular running of phishing campaigns,” said Matthieu Faou, a malware researcher at ESET, in a post.
Roundcube released an update for multiple versions of its software on Oct. 16 fixing the cross-site scripting vulnerabilities. Despite the patch and known vulnerabilities in older versions, many applications don’t get updated by users, says Faou.
Roundcube did not immediately respond to Gizmodo’s request for comment.
In March, the Belarus-aligned hacker targeted elected US officials supporting Ukraine, exploiting unpatched Zimbra servers. Those attacks threatened to compromise government officials’ email accounts.
“This actor has been tenacious in its targeting of American and European officials as well as military and diplomatic personnel in Europe,” Proofpoint Threat Researcher Michael Raggi told Ars Technica.
It is unclear which European government entities, or which think tank, were the targets of this latest attack from Winter Vivern. Roundcube strongly recommends that all users update to the latest version.
Copyright for syndicated content belongs to the linked Source : Gizmodo (AU) – https://gizmodo.com.au/2023/10/pro-russia-hackers-target-european-government-with-roundcube-webmail-bug/