Security News > 2023 > October > Pro-Russia group exploits Roundcube zero-day in attacks on European government emails
The Winter Vivern cyber spy group is exploiting an XSS zero-day vulnerability in attacks on European governments.
Researchers at ESET, who discovered the activity, didn't name the specific government entities it targeted but given Winter Vivern's nexus to Russia and Belarus, they are likely to be adversaries of those countries.
Winter Vivern has exploited known vulnerabilities in Roundcube and Zimbra for its espionage campaigns since 2022, but this zero-day observation shows an advancement in its operations, according to the researchers.
Researchers observed Winter Vivern exploiting CVE-2020-35730 as recently as August and September, despite the vulnerability being three years old.
Fancy Bear, the advanced persistent threat group believed to have ties with Russia's GRU, was also spotted exploiting the same old XSS vulnerability in Roundcube, and sometimes targeting the same victims as Winter Vivern.
The group is known for mainly targeting entities in Europe and Central Asia, but earlier this year had attacks against US government officials, as well as European lawmakers, pinned to it.
News URL
Related news
- Evil Corp's deep ties with Russia and NATO member attacks exposed (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-28 | CVE-2020-35730 | Cross-site Scripting vulnerability in multiple products An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. | 6.1 |