Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users
A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021.
The espionage operation - codenamed "EmailThief" - was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the cross-site scripting vulnerability could result in the execution of arbitrary JavaScript code in the context of the user's Zimbra session.
The zero-day bug impacts the most recent open-source edition of Zimbra running version 8.8.15.
In the subsequent stage, multiple waves of email messages were broadcast to trick the recipients into clicking a malicious link.
"For the attack to be successful, the target would have to visit the attacker's link while logged into the Zimbra webmail client from a web browser," Steven Adair and Thomas Lancaster noted.
"Users of Zimbra should consider upgrading to version 9.0.0, as there is currently no secure version of 8.8.15," the company added.
News URL
https://thehackernews.com/2022/02/hackers-exploited-0-day-vulnerability.html