Security News > 2023 > August > Phishing campaign steals accounts for Zimbra email servers worlwide
An ongoing phishing campaign has been underway since at least April 2023 that attempts to steal credentials for Zimbra Collaboration email servers worldwide.
According to the ESET researchers, the attacks start with a phishing email pretending to be from an organization's admin informing users of an imminent email server update, which will result in temporary account deactivation.
Hackers commonly target Zimbra Collaboration email servers for cyber espionage to collect internal communications or use them as an initial point of breach to spread to the target organization's network.
Last year, Volexity reported that a threat actor named 'TEMP Heretic' leveraged a then zero-day flaw in the Zimbra Collaboration product to access mailboxes and perform lateral phishing attacks.
Hackers exploited Salesforce zero-day in Facebook phishing attack.
Threat actors abuse Google AMP for evasive phishing attacks.
News URL
Related news
- Phishing Emails Targeting Australian Firms Rise by 30% in 2024 (source)
- The curious story of Uncle Sam's HR dept, a hastily set up email server, and fears of another cyber disaster (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Beware: PayPal "New Address" feature abused to send phishing emails (source)