Phishing campaign steals accounts for Zimbra email servers worldwide
A phishing campaign, ongoing since at least April 2023, attempts to steal credentials for Zimbra Collaboration email servers worldwide.
According to ESET researchers, the attacks start with a phishing email that pretends to come from the organization's admin and informs users of an imminent email server update that will result in temporary account deactivation.
Hackers commonly target Zimbra Collaboration email servers for cyber espionage to collect internal communications or use them as an initial point of breach to spread to the target organization's network.
Last year, Volexity reported that a threat actor named 'TEMP Heretic' leveraged a then zero-day flaw in the Zimbra Collaboration product to access mailboxes and perform lateral phishing attacks.
Related news
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Beware of phishing emails delivering backdoored Linux VMs! (source)
- New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Phishing emails increasingly use SVG attachments to evade detection (source)