Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users
2022-02-04 05:18

A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021.

The espionage operation - codenamed "EmailThief" - was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the cross-site scripting vulnerability could result in the execution of arbitrary JavaScript code in the context of the user's Zimbra session.

The zero-day bug impacts the most recent open-source edition of Zimbra running version 8.8.15.

In the subsequent stage, multiple waves of email messages were broadcast to trick the recipients into clicking a malicious link.

"For the attack to be successful, the target would have to visit the attacker's link while logged into the Zimbra webmail client from a web browser," Steven Adair and Thomas Lancaster noted.

"Users of Zimbra should consider upgrading to version 9.0.0, as there is currently no secure version of 8.8.15," the company added.


News URL

https://thehackernews.com/2022/02/hackers-exploited-0-day-vulnerability.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zimbra 8 2 53 11 7 73