Security News > 2023 > March > Pro-Russia cyber gang Winter Vivern puts US, Euro lawmakers in line of fire
A cyber spy gang supporting Russia is targeting US elected officials and their staffers, in addition to European lawmakers, using unpatched Zimbra Collaboration software in two campaigns spotted by Proofpoint.
At the time, the criminals were targeting government agencies in Azerbaijan, Cyprus, India, Italy, Lithuania, Ukraine, and the Vatican.
In more recent campaigns disclosed earlier this year, the gang focused its attention on government agencies and officials in Ukraine, Poland, Italy and India, as well as telecommunications organizations supporting Ukraine during the ongoing war.
Those campaigns typically used phishing campaigns, with lures spoofing government agencies or disguised as or bogus antivirus software to trick targets into downloading malware-laden documents.
"Often targeted individuals are experts in facets of European politics or economy as it pertains to regions impacted by the ongoing conflict. Social engineering lures and impersonated organizations often pertain to Ukraine in the context of armed conflict."
As of early 2023, Proofpoint says the miscreants' phishing campaigns targeting European government agencies exploited CVE-2022-27926 - a critical cross-site scripting vulnerability in Zimbra Collaboration versions 9.0.0 that hosts public-facing webmail portals.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/03/31/winter_vivern_european_goverments/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-21 | CVE-2022-27926 | Unspecified vulnerability in Zimbra Collaboration 9.0.0 A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. | 6.1 |