In some instances, the attackers have also been using previously compromised admin accounts to create new accounts on Zimbra servers for the purpose of distributing these phishing emails. While the campaign’s tactics are not considered sophisticated, its success rate has been notable.
Zimbra Collaboration email servers have been frequently targeted by cybercriminals for various purposes. Some attackers use them for cyber espionage, gaining access to internal company communications. Others use these servers as an initial point of entry to move laterally within the target network.
