Threat actors use Zimbra exploits to target organizations in Ukraine

Pierluigi Paganini April 15, 2022

Threat actors are targeting Ukrainian government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite (CVE-2018-6882).

Ukraine’s CERT (CERT-UA) warns that threat actors are targeting government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite (CVE-2018-6882).

“Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.” reads the description of this issue published by the NIST NVD.

CERT-UA uncovered a cyber espionage campaign conducted by nation-state actors. The attackers used phishing messages with the subject “Volodymyr Zelenskyy presented the Golden Star Orders to serve the Armed Forces of Ukraine and members of the families of the fallen Heroes of Ukraine”.

The phishing message uses attached images allegedly from an event where President V. Zelensky awarded members of the Armed Forces.


These images contain a Content-Location header that loads and executes JavaScript code. This second script adds the attacker’s email address to the configuration of the victim’s email account, so that any message sent to the victim is forwarded to the attacker’s account.

CERT-UA urges organizations in Ukraine using Zimbra to update to the latest versions.
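
The attack described above depends on an attachment whose Content-Location header carries markup rather than a URI. The following Python code is an added example, not from CERT-UA or the original article: it scans a raw message for such headers, and the sample message, addresses and marker value in it are constructed.

```python
import email
import re
from email import policy

# Raw <, > and " are not valid in a URI (RFC 3986); they are what markup
# injected into an attribute or tag needs.
MARKUP_CHARS = re.compile(r'[<>"]')
# Schemes that carry script or inline content rather than a location.
RISKY_SCHEME = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.IGNORECASE)

# Constructed sample: one clean attachment, one with markup in the header.
SAMPLE = (
    b"From: sender@example.org\r\nTo: user@example.org\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: image/jpeg\r\n"
    b'Content-Disposition: attachment; filename="clean.jpg"\r\n'
    b"Content-Location: https://example.org/clean.jpg\r\n\r\nAAAA\r\n"
    b"--b1\r\nContent-Type: image/jpeg\r\n"
    b'Content-Disposition: attachment; filename="flagged.jpg"\r\n'
    b'Content-Location: x"><b>constructed-marker</b>\r\n\r\nAAAA\r\n'
    b"--b1--\r\n"
)


def suspicious_content_locations(raw_message: bytes):
    """Return (filename, header value, reason) for every MIME part whose
    Content-Location header is not a plain URI."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        value = part.get("Content-Location")
        if value is None:
            continue
        value = str(value)
        name = part.get_filename() or "(unnamed part)"
        if MARKUP_CHARS.search(value):
            findings.append((name, value, "HTML metacharacters"))
        elif RISKY_SCHEME.match(value):
            findings.append((name, value, "script or inline-content URI scheme"))
    return findings


if __name__ == "__main__":
    for name, value, reason in suspicious_content_locations(SAMPLE):
        print(f"{name}: {reason}: {value!r}")
```

A check like this fits a mail gateway or a retrospective sweep of stored messages; it complements updating Zimbra and does not replace it.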
