Security News > 2022 > April > Hackers target Ukrainian govt with IcedID malware, Zimbra exploits
Hackers are targeting Ukrainian government agencies with new attacks exploiting Zimbra exploits and phishing attacks pushing the IcedID malware.
The Computer Emergency Response Team of Ukraine detected the new campaigns and attributed the IcedID phishing attack to the UAC-0041 threat cluster, previously connected with AgentTesla distribution, and the second to UAC-0097, a currently unknown actor.
The attached images contain a content-location header that links to a web resource hosting JavaScript code that triggers the exploitation of the Zimbra CVE-2018-6882 vulnerability.
This cross-site scripting vulnerability affects Zimbra Collaboration Suite versions 8.7 and older, enabling remote attackers to inject arbitrary web script or HTML via a content-location header in email attachments.
Zimbra is an email and collaboration platform that also includes instant messaging, contacts, video conferencing, file sharing, and cloud storage capabilities.
CERT-UA advises all organizations in Ukraine using Zimbra to update to the latest available versions of the suite immediately.
News URL
Related news
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert! (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features (source)
- Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
- CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- Hackers exploit WordPress plugin auth bypass hours after disclosure (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-27 | CVE-2018-6882 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. | 6.1 |