Here’s the play-by-play: The attackers sent emails containing the exploit to government organizations. If someone took the bait and clicked while logged into their Zimbra account, boom! The bad guys swiped email data and set up auto-forwarding to hijack the whole address. Sneaky, right?
