Hackers Exploit Zimbra and Roundcube Email Servers to Attack Government Organizations

by Esmeralda McKenzie

Hackers Assault Email Servers

An alarming spear-phishing campaign has been uncovered that specifically targets government organizations. The attack preys on vulnerabilities in Zimbra and Roundcube email servers.

It is essential that immediate action is taken to patch these servers and prevent any further breaches. Investigations by EclecticIQ revealed that the initial campaigns date back to January 2023.

These emails evaded the government organizations' anti-spam filters, which indicates that the threat actors used several evasion techniques to bypass spam detection.

In addition, the originating IP in the email headers suggests that the threat actor used VPN services to hide their identity.

Zimbra Maintenance Mail Used for Phishing Campaign

Around 12 phishing emails were analyzed, and none had a spoofed sender address.

This implies that all of these emails were sent from legitimate, compromised government email servers, which is how they bypassed anti-spam filters.

Furthermore, all of the organizations in the sender addresses were using Zimbra or Roundcube as their email servers.

Figure: Organizations and countries affected by this campaign (Source: EclecticIQ)

Although every email was framed as a fake Zimbra maintenance alert notification, the language was changed for each recipient to match their spoken language.

Figure: Phishing lure email (Source: EclecticIQ)

Once victims fall for this email, they are redirected to a fake Zimbra login page that steals their credentials.

The threat actors have used legitimate web services such as Google Firebase, Mailchimp, Chilipepper(.)io, and Webflow(.)io to host these pages and collect the stolen information.
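As an added illustration (not part of the article or the EclecticIQ report), the following Python check shows what a mail gateway or analyst can key on when the sender is a real, unspoofed domain: a maintenance-themed message whose links leave the sender's own domain for one of the third-party hosting services named above. The hosting domains, keyword list and sample message are assumptions constructed for the example, not indicators from the report.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Hosting domains for the services the article names (Firebase, Mailchimp, Chilipepper, Webflow).
# Assumed domains for illustration, not indicators from the EclecticIQ report.
ABUSED_SERVICES = ("firebaseapp.com", "web.app", "mailchi.mp", "chilipepper.io", "webflow.io")
LURE_WORDS = ("zimbra", "roundcube", "maintenance", "webmail", "password")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def message_text(msg):
    """Subject plus every decoded text/* part, so keyword and URL checks see the whole lure."""
    chunks = [msg.get("Subject") or ""]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def analyze(raw_message):
    """Flag a 'maintenance alert' lure: lure keywords plus links that leave the sender's own domain."""
    msg = message_from_string(raw_message)
    text = message_text(msg)
    sender_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    lure_hits = [w for w in LURE_WORDS if w in text.lower()]
    offsite, abused = set(), set()
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host != sender_domain and not host.endswith("." + sender_domain):
            offsite.add(host)
        if any(host == s or host.endswith("." + s) for s in ABUSED_SERVICES):
            abused.add(host)
    # The sender is unspoofed, so reputation alone passes; the link destination is the tell.
    verdict = "suspect" if len(lure_hits) >= 2 and abused else "clean"
    return {"sender_domain": sender_domain, "lure_words": lure_hits,
            "offsite_hosts": sorted(offsite), "abused_hosts": sorted(abused), "verdict": verdict}

# Constructed sample in the style the article describes; not a real message from the campaign.
SAMPLE = """From: IT Service <admin@example-ministry.gov>
Subject: Zimbra maintenance: confirm your webmail password
Content-Type: text/plain; charset=utf-8

Scheduled Zimbra maintenance runs tonight. Verify your account within 24h:
https://webmail-update.firebaseapp.com/login
"""

if __name__ == "__main__":
    print(analyze(SAMPLE))
```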

Figure: Fake Zimbra login page (Source: EclecticIQ)

It is believed that the threat actors were exploiting the known vulnerabilities CVE-2020-35730 and CVE-2020-12641 in Roundcube versions 1.4.10 and 1.4.11. Ukraine was one of the countries targeted during these phishing campaigns.

EclecticIQ has published a full investigation report that details all of the tactics, techniques, and procedures used by the threat actors to steal credentials.

It is strongly recommended that Zimbra customers update to the latest version (8.8.15) to prevent it from being exploited.

Source credit : cybersecuritynews.com