So, the savvy folks over at Google’s Threat Analysis Group (TAG) recently uncovered a real head-scratcher – a zero-day vulnerability playing hide-and-seek in a popular email server platform. And guess what? Hackers were using this sneaky trick to snatch up sensitive data from government organizations all over the globe.
TAG researchers Clement Lecigne and Maddie Stone spilled the cyber-beans in a blog post. They found a cross-site scripting (XSS) flaw back in June, chilling in the widely used Zimbra Collaboration email server platform. Now, for those not up on the cybersecurity lingo, an XSS flaw is like giving hackers a backstage pass to inject malicious scripts into a website. Those scripts then run in the victim’s browser, acting like cyber-spiders that crawl around and snag sensitive info – emails, user credentials, you name it.
The flaw’s now got a name – CVE-2023-37580. And here’s where it gets spicy – between the discovery and the patching, Google noticed four cyber bad guys having a field day. One of them was sending crafty emails with an exploit URL to folks in a Greek government organization. Click the link, and boom! The URL works its magic, using XSS to swipe emails and attachments and even to set up a cheeky auto-forwarding rule pointing at an address controlled by the hacker.
Then, there’s campaign number two hitting up government crews in Moldova and Tunisia, followed by a third one eyeing a Vietnamese organization. Last but not least, someone had the audacity to try and snag Zimbra authentication tokens from the hardworking folks in a Pakistani government organization.