Google: Hackers exploited Zimbra zero-day in attacks on govt orgs

Google's Threat Analysis Group has discovered that threat actors exploited a zero-day vulnerability in the Zimbra Collaboration email server to steal sensitive data from government systems in multiple countries.
According to Google's threat analysts, the threat actors exploited the vulnerability on government systems in Greece, Moldova, Tunisia, Vietnam, and Pakistan to steal email data, user credentials, and authentication tokens, perform email forwarding, and lead victims to phishing pages.
Google observed four distinct threat actors using the vulnerability, which was unknown at the time of exploitation in late June 2023 against a government organization in Greece.
Zimbra pushed an emergency hotfix on GitHub after Google analysts alerted the company to the observed compromises.
On July 13, Zimbra published a security advisory recommending mitigations for the vulnerability, but there was no note about hackers actively exploiting the bug.