Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users
A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021.
The espionage operation - codenamed "EmailThief" - was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the cross-site scripting vulnerability could result in the execution of arbitrary JavaScript code in the context of the user's Zimbra session.
The zero-day bug impacts the most recent open-source edition of Zimbra running version 8.8.15.
In the subsequent stage, multiple waves of email messages were broadcast to trick the recipients into clicking a malicious link.
"For the attack to be successful, the target would have to visit the attacker's link while logged into the Zimbra webmail client from a web browser," Steven Adair and Thomas Lancaster noted.
"Users of Zimbra should consider upgrading to version 9.0.0, as there is currently no secure version of 8.8.15," the company added.
News URL
https://thehackernews.com/2022/02/hackers-exploited-0-day-vulnerability.html