A Russian hacking group tracked as TA473, aka 'Winter Vivern,' has been actively exploiting vulnerabilities in unpatched Zimbra endpoints since February 2023 to steal the emails of NATO officials, governments, military personnel, and diplomats.
Two weeks ago, Sentinel Labs reported on a recent operation by 'Winter Vivern' using sites mimicking European agencies fighting cybercrime to spread malware that pretends to be a virus scanner.
Today, Proofpoint has published a new report on how the threat actor exploits CVE-2022-27926 on Zimbra Collaboration servers to access the communications of NATO-aligned organizations and persons.
Although researchers describe 'Winter Vivern' as not particularly sophisticated, the group follows an effective operational approach that succeeds even against high-profile targets that fail to apply software patches quickly enough.
Given that the earliest attacks were observed in February 2023, the affected organizations had left the security update for this flaw unapplied for at least ten months.
#Campaign #Vulnerability #IoCs