Security News > 2023 > August > Zimbra users in Europe, Latin America face phishing threat
ESET researchers have uncovered a mass-spreading phishing campaign aimed at collecting Zimbra account users' credentials.
Zimbra Collaboration is an open-core collaborative software platform, a popular alternative to enterprise email solutions.
"Adversaries leverage the fact that HTML attachments contain legitimate code, with the only telltale element being a link pointing to the malicious host. In this manner, it is much easier to circumvent reputation-based antispam policies, especially compared to more prevalent phishing techniques, where a malicious link is directly placed in the email body," explains ESET researcher Viktor Šperka, who discovered the campaign.
The popularity of Zimbra Collaboration among organizations expected to have lower IT budgets ensures that it stays an attractive target for adversaries.
Initially, the target receives an email with a phishing page in the attached HTML file.
It is likely that the attackers were able to compromise the victim's administrator accounts and created new mailboxes that were then used to send phishing emails to other targets.