Security News > 2023 > August > New Wave of Attack Campaign Targeting Zimbra Email Users for Credential Theft
A new "Mass-spreading" social engineering campaign is targeting users of the Zimbra Collaboration email server with an aim to collect their login credentials for use in follow-on operations.
"Initially, the target receives an email with a phishing page in the attached HTML file," ESET researcher Viktor Šperka said in a report.
"The email warns the target about an email server update, account deactivation, or similar issue and directs the user to click on the attached file."
Subsequent phishing waves have leveraged accounts of previously targeted, legitimate companies, suggesting that the infiltrated administrator accounts associated with those victims were used to send emails to other entities of interest.
"One explanation is that the adversary relies on password reuse by the administrator targeted through phishing - i.e., using the same credentials for both email and administration," Šperka noted.
"This way, it is much easier to circumvent reputation-based anti-spam policies, compared to phishing techniques where a malicious link is directly placed in the email body," Šperka said.
News URL
https://thehackernews.com/2023/08/new-wave-of-attack-campaign-targeting.html
Related news
- How New AI Agents Will Transform Credential Stuffing Attacks (source)
- Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials (source)
- ClickFix attack delivers infostealers, RATs in fake Booking.com emails (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Australian pension funds hit by wave of credential stuffing attacks (source)
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft (source)
- CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download (source)
- Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials (source)