Pro-Russia group exploits Roundcube zero-day in attacks on European government emails
2023-10-25 16:45

The Winter Vivern cyber spy group is exploiting an XSS zero-day vulnerability in attacks on European governments.

Researchers at ESET, who discovered the activity, didn't name the specific government entities it targeted, but given Winter Vivern's nexus to Russia and Belarus, they are likely to be adversaries of those countries.

Winter Vivern has exploited known vulnerabilities in Roundcube and Zimbra for its espionage campaigns since 2022, but this zero-day observation shows an advancement in its operations, according to the researchers.

Researchers observed Winter Vivern exploiting CVE-2020-35730 as recently as August and September, despite the vulnerability being three years old.

Fancy Bear, the advanced persistent threat group believed to have ties with Russia's GRU, was also spotted exploiting the same old XSS vulnerability in Roundcube, and sometimes targeting the same victims as Winter Vivern.

The group is known mainly for targeting entities in Europe and Central Asia, but earlier this year attacks against US government officials, as well as European lawmakers, were also pinned to it.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/25/prorussia_group_exploits_roundcube_zeroday/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2020-12-28 | CVE-2020-35730 | Cross-site Scripting vulnerability in multiple products | 6.1

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10.
network, low complexity
roundcube, fedoraproject, debian, CWE-79

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Roundcube 3 7 50 6 5 68