New Wave of Attack Campaign Targeting Zimbra Email Users for Credential Theft
A new "mass-spreading" social engineering campaign is targeting users of the Zimbra Collaboration email server with the aim of collecting their login credentials for use in follow-on operations.
"Initially, the target receives an email with a phishing page in the attached HTML file," ESET researcher Viktor Šperka said in a report.
"The email warns the target about an email server update, account deactivation, or similar issue and directs the user to click on the attached file."
Subsequent phishing waves have leveraged accounts of previously targeted, legitimate companies, suggesting that the infiltrated administrator accounts associated with those victims were used to send emails to other entities of interest.
"One explanation is that the adversary relies on password reuse by the administrator targeted through phishing - i.e., using the same credentials for both email and administration," Šperka noted.
"This way, it is much easier to circumvent reputation-based anti-spam policies, compared to phishing techniques where a malicious link is directly placed in the email body," Šperka said.
News URL
https://thehackernews.com/2023/08/new-wave-of-attack-campaign-targeting.html