• Users of collaboration tool Zimbra have their accounts stolen

    From TechnologyDaily@1337:1/100 to All on Fri Aug 18 12:00:03 2023
    Users of collaboration tool Zimbra have their accounts stolen

    Date:
    Fri, 18 Aug 2023 11:45:30 +0000

    Description:
    Someone is sending out convincing phishing emails and stealing Zimbra accounts.

    FULL STORY ======================================================================

    A new phishing campaign targeting users of Zimbra Collaboration email servers has been spotted, and researchers are saying it's quite successful.

    Zimbra Collaboration is an online collaborative suite that comes with an email server and a web client.

    According to researchers from ESET, cybercriminals started sending phishing emails to victims at random in April 2023, in an attempt to obtain login credentials for the service.

    Fake login page

    In these emails, the attackers assume the identity of the victim organization's administrator, and tell the recipient that their email server is about to be updated. This update will make the email inbox inaccessible, and possibly result in termination.

    To make sure that doesn't happen, the victim is advised to open the HTML file that is attached to the email and review the instructions found there.

    The attachment, however, holds no instructions. Instead, it shows a fake Zimbra login page with the username prefilled, where users can type in their passwords. These are then sent to the attackers' server via an HTTPS POST request.
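
    A mail-gateway check for the attachment pattern described above, as an added example that is not from ESET or the original article: it flags an HTML attachment whose form collects a password, POSTs to a remote host, and has the recipient's address prefilled. The function names, the sample HTML and the hosts phish.example and corp.example are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LoginFormScanner(HTMLParser):
    """Collects <form> elements and the input fields nested in each."""
    def __init__(self):
        super().__init__()
        self.forms = []       # one dict per <form> seen
        self._current = None  # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # valueless attributes arrive as None
        if tag == "form":
            self._current = {"action": a.get("action", ""),
                             "method": a.get("method", "get").lower(),
                             "password": False, "prefilled": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            kind = a.get("type", "text").lower()
            if kind == "password":
                self._current["password"] = True
            elif kind in ("text", "email", "hidden") and "@" in a.get("value", ""):
                self._current["prefilled"].append(a["value"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def scan_attachment(html, recipient):
    """Return a list of findings for one HTML attachment body."""
    scanner = LoginFormScanner()
    scanner.feed(html)
    findings = []
    for form in scanner.forms:
        target = urlparse(form["action"])
        # A local file has no reason to submit credentials to an absolute URL.
        remote = target.scheme in ("http", "https") and bool(target.netloc)
        if form["password"] and form["method"] == "post" and remote:
            findings.append(f"password form posts to {target.netloc}")
            if recipient.lower() in (v.lower() for v in form["prefilled"]):
                findings.append("username prefilled with recipient address")
    return findings

# Constructed sample attachment; phish.example and corp.example are placeholders.
SAMPLE = """<html><body><form method="POST" action="https://phish.example/login">
<input type="text" name="username" value="alice@corp.example">
<input type="password" name="password"><input type="submit" value="Sign In">
</form></body></html>"""
```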

    In some cases, ESET further stated, the attackers would use previously compromised admin accounts to create new accounts on Zimbra servers for phishing email distribution, further adding to the perceived legitimacy of the emails. They're saying that the campaign is hardly sophisticated, but its results are impressive.

    According to BleepingComputer, Zimbra Collaboration email servers are
    commonly targeted by cybercriminals. They use them for cyber espionage, collecting internal company communications. They can also sometimes use them as an initial point of breach, to further move laterally throughout the
    target network.

    One such scenario happened earlier this year, when a Russian threat actor abused a vulnerability in the tool (CVE-2022-27926) to snoop on emails belonging to organizations aligned with the North Atlantic Treaty
    Organization (NATO). Governments, diplomats, and military personnel were also targeted, the publication said.

    Another attack occurred in October 2022, when more than 900 servers were hacked thanks to a Zimbra zero-day. Kaspersky labeled the flaw as a remote code execution vulnerability that allows threat actors to send an email with
    a malicious file that deploys a webshell in the Zimbra server without triggering an antivirus alarm. It is now tracked as CVE-2022-41352 and some researchers claim as many as 1,600 servers were compromised as a result.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/users-of-collaboration-tool-zimbra-have-their-accounts-stolen


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)