Global Governments Targeted in Massive Zimbra Zero-Day Hacking Spree

Google's Threat Analysis Group (TAG) has discovered that hackers exploited a zero-day vulnerability in the Zimbra Collaboration email server, tracked as CVE-2023-37580, to steal sensitive data from government systems in multiple countries. The vulnerability, a cross-site scripting (XSS) issue in the Zimbra Classic Web Client, was exploited by four distinct threat actors before the vendor released a patch. The attacks involved email data exfiltration, auto-forwarding, and phishing. Google's report highlights the importance of applying security updates promptly, even for medium-severity vulnerabilities, because adversaries can use them to further their attacks. This incident is another example of XSS flaws being leveraged to target mail servers.

- Google: Hackers exploited Zimbra zero-day in attacks on govt orgs (BleepingComputer)
- Google identifies hacking attack on government of Pakistan and these countries (Times of India)
- An email vulnerability let hackers steal data from governments around the world (Engadget)
- APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (DARKReading)
- Zimbra Zero-Day Exploited to Hack Government Emails (SecurityWeek)