Russian Hackers Exploit Roundcube Flaw | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

  • Researchers are warning about a new cyber espionage campaign run by Russian hackers against Roundcube webmail servers.
  • The threat actor used the campaign to collect military and political intelligence, particularly associated with the conflict in Ukraine.

Researchers at CISA have warned that Russia-backed hackers are actively exploiting a Roundcube email server flaw and have already impacted over 80 organizations. The bug known as CVE-2023-43770 is a persistent cross-site scripting (XSS) vulnerability that allows threat actors to access restricted information through text messages in low-complexity attacks that exploit user-device interactions.

The attackers, a group known as ‘Winter Vivern’ or TA473 and UAC0114, have hit several organizations across Europe, including Ukraine, Poland, and Georgia. The group has been linked to exploiting a Zimbra Collaboration email software vulnerability against organizations in Tunisia and Moldova.

See More: Breach Alert: 18,000 User Credentials Offered on Dark Web After AnyDesk Confirms Incident

The attacks exploit Roundcube’s vulnerabilities to inject JavaScript payloads designed to extract sensitive data, such as usernames and passwords, to a remote command and control center. The attacks seem to be motivated by geopolitical objectives, including the extraction of data associated with the ongoing conflict in Ukraine.

While the patch for the vulnerability has been available for a few months now, Roundcube has urged its users to update all installations of the 1.6.x versions. The CISA has also ordered the U.S. Federal Civilian Executive Branch (FCEB) to take adequate measures against the bug by the 4th of March. The attacks highlight the growing need for governments and businesses to protect themselves against the growing threat arising from geopolitically-motivated nation-state actors in the months ahead, especially with the 2024 elections around the corner.

What do you think about the growing threat of nation-state actors in cybersecurity? Let us know your thoughts on LinkedInOpens a new window