European govt email servers hacked using Roundcube zero-day (Security News, October 2023)

The group's phishing messages impersonated the Outlook Team and tried to trick potential victims into opening malicious emails; simply opening the message automatically triggered a first-stage payload that exploited the Roundcube email server vulnerability.
"The final JavaScript payload [...] is able to list folders and emails in the current Roundcube account, and to exfiltrate email messages to the C&C server."
Winter Vivern has been actively targeting Zimbra and Roundcube email servers owned by governmental organizations since at least 2022.
Notably, this same vulnerability was exploited by Russian APT28 military intelligence hackers affiliated with Russia's General Staff Main Intelligence Directorate to compromise Roundcube email servers belonging to the Ukrainian government.
"Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube. Previously, it was using known vulnerabilities in Roundcube and Zimbra, for which proofs of concept are available online," ESET said.