Google’s superhero squad, the Threat Analysis Group, just cracked the case on a sneaky email server hack. The bad guys targeted governments in Greece, Moldova, Tunisia, Vietnam, and Pakistan. The weapon of choice? An email server flaw (cue dramatic music) known as CVE-2023-37580, lurking in Zimbra Collaboration.
Here’s the play-by-play: The attackers sent emails containing the exploit to government organizations. If someone took the bait and clicked while logged into their Zimbra account, boom! The bad guys swiped email data and set up auto-forwarding to hijack the whole address. Sneaky, right?
Now, Zimbra had a fix up on GitHub by July 5, but here’s the twist – most folks didn’t get around to updating until after the exploit party had started. It’s a wake-up call to update those neglected devices, ASAP!
But wait, there’s more. Google’s superhero squad uncovered that a group called Winter Vivern snagged the exploit in mid-July and targeted government peeps in Moldova and Tunisia. Another mysterious player used the same trick to fish for credentials from Vietnam’s government members, publishing the loot on a dodgy government domain. The final act took aim at a government organization in Pakistan to swipe Zimbra authentication tokens, the golden keys to locked-up info.
Zimbra, with its 200,000-plus customers, has been a favorite among cyber baddies. It’s like the catnip for attackers, especially with over 1,000 government organizations in its clientele. Earlier this year, Zimbra users faced a massive phishing campaign, and in 2022, another Zimbra exploit was used to snatch emails from European government and media bigwigs.
