Security News > 2023 > October > Pro-Russia group exploits Roundcube zero-day in attacks on European government emails
The Winter Vivern cyber spy group is exploiting an XSS zero-day vulnerability in attacks on European governments.
Researchers at ESET, who discovered the activity, didn't name the specific government entities it targeted but given Winter Vivern's nexus to Russia and Belarus, they are likely to be adversaries of those countries.
Winter Vivern has exploited known vulnerabilities in Roundcube and Zimbra for its espionage campaigns since 2022, but this zero-day observation shows an advancement in its operations, according to the researchers.
Researchers observed Winter Vivern exploiting CVE-2020-35730 as recently as August and September, despite the vulnerability being three years old.
Fancy Bear, the advanced persistent threat group believed to have ties with Russia's GRU, was also spotted exploiting the same old XSS vulnerability in Roundcube, and sometimes targeting the same victims as Winter Vivern.
The group is known for mainly targeting entities in Europe and Central Asia, but earlier this year had attacks against US government officials, as well as European lawmakers, pinned to it.
News URL
Related news
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
- Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack (source)
- Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- Exploit released for Palo Alto PAN-OS bug used in attacks, patch now (source)
- Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-28 | CVE-2020-35730 | Cross-site Scripting vulnerability in multiple products An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. | 6.1 |