Tag

Winter Vivern

All articles tagged with #winter vivern

cybersecurity2 years ago•2 min saved

"Massive Cyber Espionage Campaign Targets European Governments with Webmail Zero-Day Exploit"

Pro-Russia hackers known as Winter Vivern have been exploiting a zero-day vulnerability in Roundcube, a widely used webmail software, to target governmental entities and a think tank in Europe. The vulnerability allowed the hackers to inject JavaScript into the Roundcube server application, triggering the server to send emails from selected targets to a server controlled by the threat actor. The attacks began on October 11 and were detected by security firm ESET, who promptly reported the vulnerability to Roundcube developers. Winter Vivern has previously targeted US government officials and has been active since at least 2020, primarily focusing on Europe and Central Asia. Users of Roundcube are advised to ensure they are running a patched version of the software.

via Ars Technica|

#cybersecurity #pro-russia-hackers #roundcube

cybersecurity2 years ago•2 min saved

Zero-Day Exploits: European Governments and Russian Organizations Targeted in Roundcube Webmail Hacks

The Winter Vivern Russian hacking group has been exploiting a zero-day vulnerability in Roundcube Webmail to target European government entities and think tanks since October 11. The vulnerability allowed the group to remotely inject arbitrary JavaScript code into Roundcube email servers, enabling them to harvest and steal emails. The Roundcube development team released security updates to fix the vulnerability after it was reported by ESET researchers. Winter Vivern has previously targeted government organizations using known vulnerabilities in Roundcube and Zimbra email servers. The group's persistence and regular phishing campaigns pose a significant threat to European governments.

via BleepingComputer|

#cyberespionage #cybersecurity #european-government