Security News > 2023 > October > Pro-Russia group exploits Roundcube zero-day in attacks on European government emails
The Winter Vivern cyber spy group is exploiting an XSS zero-day vulnerability in attacks on European governments.
Researchers at ESET, who discovered the activity, didn't name the specific government entities it targeted but given Winter Vivern's nexus to Russia and Belarus, they are likely to be adversaries of those countries.
Winter Vivern has exploited known vulnerabilities in Roundcube and Zimbra for its espionage campaigns since 2022, but this zero-day observation shows an advancement in its operations, according to the researchers.
Researchers observed Winter Vivern exploiting CVE-2020-35730 as recently as August and September, despite the vulnerability being three years old.
Fancy Bear, the advanced persistent threat group believed to have ties with Russia's GRU, was also spotted exploiting the same old XSS vulnerability in Roundcube, and sometimes targeting the same victims as Winter Vivern.
The group is known for mainly targeting entities in Europe and Central Asia, but earlier this year had attacks against US government officials, as well as European lawmakers, pinned to it.
News URL
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- ClickFix attack delivers infostealers, RATs in fake Booking.com emails (source)
- Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-28 | CVE-2020-35730 | Cross-site Scripting vulnerability in multiple products An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. | 6.1 |