European govt email servers hacked using Roundcube zero-day (Security News, October 2023)
Their phishing messages impersonated the Outlook Team and tried to trick potential victims into opening them; no further interaction was needed, because simply opening the message in the Roundcube web client automatically triggered a first-stage payload that exploited the Roundcube vulnerability.
"The final JavaScript payload [...] is able to list folders and emails in the current Roundcube account, and to exfiltrate email messages to the C&C server."
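The attack chain described above (a phishing message posing as the Outlook Team whose HTML body carries script that runs in the victim's webmail session) gives defenders something concrete to hunt for in exported mail. The following script is an added example for this article, not code from ESET's report or from the Roundcube project: it parses .eml files, flags HTML bodies containing active content that a webmail sanitizer should never let reach the browser, and flags a display name claiming Outlook or Microsoft from a sending domain outside a trusted list. The regexes, the trusted-domain list and both sample messages are constructed assumptions, not indicators from the report.

```python
"""Triage exported .eml messages for webmail-XSS-style active content and
'Outlook Team' sender impersonation.

Added example; the regexes, trusted-domain list and the two sample messages
are constructed assumptions, not indicators from ESET's report or code from
Roundcube itself.
"""
import email
import email.utils
import re
from email import policy

# HTML constructs a webmail sanitizer is expected to strip before rendering.
# Any one of them surviving into the browser lets a mail body run script in the
# victim's webmail session, which is all a final-stage payload needs to list
# folders and messages and post them to a C&C server.
ACTIVE_CONTENT = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler": re.compile(r"\son[a-z]+\s*=", re.I),
    "javascript_uri": re.compile(r"(?:href|src)\s*=\s*[\"']?\s*javascript:", re.I),
    "svg_element": re.compile(r"<\s*svg\b", re.I),
    "embedded_frame": re.compile(r"<\s*(?:iframe|object|embed)\b", re.I),
}

# Domains from which a genuine "Outlook Team" notice could plausibly originate
# (assumption for the example; tune to your own tenant).
TRUSTED_SENDER_DOMAINS = ("microsoft.com", "outlook.com")


def html_bodies(msg):
    """Yield every text/html part of a parsed message as a str."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            yield part.get_content()


def find_active_content(html):
    """Return the sorted names of ACTIVE_CONTENT patterns present in html."""
    return sorted(name for name, rx in ACTIVE_CONTENT.items() if rx.search(html))


def impersonates_outlook(msg):
    """True if the From display name claims Outlook/Microsoft but the address
    is not under a trusted domain."""
    name, addr = email.utils.parseaddr(str(msg["From"] or ""))
    display = name.lower()
    domain = addr.rpartition("@")[2].lower()
    claims_outlook = "outlook" in display or "microsoft" in display
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_SENDER_DOMAINS)
    return claims_outlook and not trusted


def triage(raw_eml):
    """Parse one RFC 5322 message and return the triage verdict."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    hits = set()
    for body in html_bodies(msg):
        hits.update(find_active_content(body))
    impersonation = impersonates_outlook(msg)
    return {
        "subject": str(msg["Subject"] or ""),
        "active_content": sorted(hits),
        "impersonation": impersonation,
        "suspicious": bool(hits) or impersonation,
    }


# Constructed sample: Outlook Team lure from an unrelated domain with an SVG
# body that carries a javascript: link (harmless alert used as a stand-in).
SAMPLE_EML = """\
From: "Outlook Team" <notice@example-mail.test>
To: victim@gov.example
Subject: Mailbox quota warning
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your mailbox is almost full. Sign in to keep it active.</p>
<svg xmlns="http://www.w3.org/2000/svg"><a href="javascript:alert(1)">Sign in</a></svg>
</body></html>
"""

# Constructed sample: ordinary internal notice, should not be flagged.
BENIGN_EML = """\
From: "IT Service Desk" <helpdesk@gov.example>
To: victim@gov.example
Subject: Maintenance window
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Mail will be unavailable Saturday 02:00-04:00.</p></body></html>
"""

if __name__ == "__main__":
    for raw in (SAMPLE_EML, BENIGN_EML):
        print(triage(raw))
```

Run it over a directory of exported messages by feeding each file's text to triage(). The patterns are a hunting heuristic, not a sanitizer: a hit means a message deserves a look, while a clean result says nothing about encoded or otherwise obfuscated payloads, and the real fix is applying the vendor's patched release.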
Winter Vivern has been actively targeting Zimbra and Roundcube email servers owned by governmental organizations since at least 2022.
Notably, the same vulnerability was also exploited by APT28, the hacking group linked to Russia's military intelligence agency (the GRU), to compromise Roundcube email servers belonging to the Ukrainian government.
"Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube. Previously, it was using known vulnerabilities in Roundcube and Zimbra, for which proofs of concept are available online," ESET said.