Google researchers have discovered a vulnerability in Zimbra's email product that allowed hackers to attack government agencies in Greece, Tunisia, Moldova, Vietnam, and Pakistan. The bug, a cross-site scripting (XSS) flaw tracked as CVE-2023-37580, was discovered in June and exploited by four different groups. The hackers stole email information, user credentials, and authentication tokens. Zimbra released a hotfix for the issue on GitHub on July 5 and published an advisory with remediation guidance on July 13. An official patch was pushed out by July 25.
Google observed three threat groups exploiting the vulnerability before the official patch was released, and a fourth campaign used the XSS vulnerability after the official patch was out. The attacks show how attackers monitor open-source repositories where fixes for vulnerabilities are posted but not yet released to users. This is the second vulnerability affecting Zimbra mail servers to be used in attacks on governments, following the exploitation in 2022 of another XSS vulnerability, CVE-2022-24682. The researchers urge users and organisations to apply patches quickly and keep software fully up to date.
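The report describes a reflected XSS bug being used to take email data, credentials and authentication tokens. The following is an added illustration of that bug class and its mitigation, not Zimbra's code or anything from Google's report: a generic handler that echoes a query parameter into HTML, shown in its vulnerable form next to the hardened form, plus the response headers that limit what a script injected this way can reach. The function names, the cookie name and the sample input are constructed for the example.

```python
"""Reflected XSS: the vulnerable pattern beside the hardened one.

Added example, not Zimbra's code. A page that echoes a search term back
into HTML is the general shape of a reflected XSS bug; the function names,
cookie name and sample input below are constructed for illustration.
"""
import html
from urllib.parse import parse_qs, urlencode

SESSION_COOKIE = "session_token"  # hypothetical cookie name


def render_vulnerable(query_string: str) -> str:
    """Echo the 'q' parameter into HTML without encoding (the bug class)."""
    params = parse_qs(query_string)
    term = params.get("q", [""])[0]
    # Raw interpolation: any markup carried in 'q' becomes part of the page,
    # so a crafted link makes the victim's browser run attacker-chosen script.
    return f"<p>Results for: {term}</p>"


def render_hardened(query_string: str) -> str:
    """Same page, with the value HTML-encoded before it is placed in markup."""
    params = parse_qs(query_string)
    term = params.get("q", [""])[0]
    # html.escape turns < > & " ' into entities, so the browser renders the
    # text literally instead of interpreting it as tags or attributes.
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


def hardened_response_headers(token: str) -> dict:
    """Headers that limit what an injected script can reach even if one slips through."""
    return {
        # HttpOnly keeps the session cookie out of document.cookie, so a
        # script cannot simply read and exfiltrate the authentication token;
        # Secure and SameSite restrict where the cookie is sent.
        "Set-Cookie": f"{SESSION_COOKIE}={token}; HttpOnly; Secure; SameSite=Lax; Path=/",
        # A CSP without 'unsafe-inline' stops inline <script> text from running.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    }


def contains_active_markup(rendered: str) -> bool:
    """Crude regression check: does the rendered HTML still contain a raw script tag?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    # Constructed sample request: the classic textbook probe payload.
    sample = urlencode({"q": "<script>alert(document.cookie)</script>"})
    print(render_vulnerable(sample))   # tag survives intact
    print(render_hardened(sample))     # tag is rendered as harmless text
    print(contains_active_markup(render_vulnerable(sample)))  # True
    print(contains_active_markup(render_hardened(sample)))    # False
```

The two render functions differ only in the `html.escape` call, which is the whole fix for this bug class; the headers are defence in depth, and `HttpOnly` in particular is what separates "an attacker can run script in the victim's session" from "an attacker can copy the victim's token".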