New Wave of Attack Campaign Targeting Zimbra Email Users for Credential Theft
A new "mass-spreading" social engineering campaign is targeting users of the Zimbra Collaboration email server with the aim of collecting their login credentials for use in follow-on operations.
"Initially, the target receives an email with a phishing page in the attached HTML file," ESET researcher Viktor Šperka said in a report.
"The email warns the target about an email server update, account deactivation, or similar issue and directs the user to click on the attached file."
Subsequent phishing waves have leveraged accounts of previously targeted, legitimate companies, suggesting that the infiltrated administrator accounts associated with those victims were used to send emails to other entities of interest.
"One explanation is that the adversary relies on password reuse by the administrator targeted through phishing - i.e., using the same credentials for both email and administration," Šperka noted.
"This way, it is much easier to circumvent reputation-based anti-spam policies, compared to phishing techniques where a malicious link is directly placed in the email body," Šperka said.
News URL
https://thehackernews.com/2023/08/new-wave-of-attack-campaign-targeting.html
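Because the phishing page described above arrives as an attached HTML file rather than as a link in the email body, a mail-side check has to open attachments. The following is an added example, not code from ESET or the article: it flags HTML attachments that contain a password field and lists the hosts their forms submit to. The function names, the `collector.example` host and the sample message are constructed for illustration, and the password-field heuristic is an assumption about what such a page contains.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse


class FormScanner(HTMLParser):
    """Records password inputs and the hosts named in form actions."""

    def __init__(self):
        super().__init__()
        self.has_password = False
        self.action_hosts = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True
        elif tag == "form" and a.get("action"):
            host = urlparse(a["action"]).hostname
            if host:
                self.action_hosts.add(host)


def scan_message(raw_bytes):
    """Return one finding per HTML attachment that asks for a password."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html" or name.lower().endswith((".html", ".htm"))
        if not is_html:
            continue
        raw = part.get_payload(decode=True) or b""
        scanner = FormScanner()
        scanner.feed(raw.decode(part.get_content_charset() or "utf-8", errors="replace"))
        if scanner.has_password:
            findings.append({"attachment": name, "action_hosts": sorted(scanner.action_hosts)})
    return findings


def build_sample():
    """Constructed test message: plain body with no links, two HTML attachments."""
    m = EmailMessage()
    m["Subject"] = "Mail server update"
    m.set_content("Your account will be deactivated. Open the attached file.")
    login = '<form action="https://collector.example/post"><input type="password" name="p"></form>'
    m.add_attachment(login, subtype="html", filename="update.html")
    m.add_attachment("<p>Quarterly newsletter</p>", subtype="html", filename="news.html")
    return m.as_bytes()
```

Calling `scan_message(build_sample())` reports only `update.html`; the attachment without a password field is not flagged.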
Related news
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw
- Critical Zimbra RCE flaw exploited to backdoor servers using emails
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks
- Hackers exploit Roundcube webmail flaw to steal email, credentials
- Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)
- Gang gobbles 15K credentials from cloud and email providers' garbage Git configs