APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide

November 16, 2023 at 11:52AM

Four separate cyberattack groups have exploited a former zero-day vulnerability in the Zimbra Collaboration Suite (ZCS) to steal email data, user credentials, and authentication tokens from government organizations worldwide. The bug, which was patched on July 25, enabled the attackers to set up auto-forwarding rules to an attacker-controlled email address. The attacks targeted organizations in Greece, Moldova, Tunisia, Vietnam, and Pakistan. Cyberattackers frequently target mail servers, highlighting the need for organizations to promptly patch vulnerabilities.

Summary: Several cyberattack groups have used a former zero-day vulnerability in the Zimbra Collaboration Suite (ZCS) to target government organizations globally. The vulnerability, CVE-2023-37580, is a cross-site scripting (XSS) vulnerability that was patched on July 25. The attacks began in June and targeted organizations in Greece, Moldova, Tunisia, Vietnam, and Pakistan. The attackers used exploit URLs to steal email data, credentials, and authentication tokens. It is important for organizations to apply the necessary fixes to their mail servers promptly to prevent such attacks. This incident highlights the ongoing exploitation of vulnerabilities in mail servers, and further code auditing is needed to address XSS vulnerabilities in these applications.
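The article's key detection point is the attacker-created auto-forwarding rule that silently copies a victim's mail to an outside address. The following is an added example, not code from the article or from Zimbra: it scans forwarding-rule change events for targets outside the organization's own domains, which is the check a mail administrator would want to run after patching. The log line format, the `example.gov` organization, and the addresses in `SAMPLE_LOG` are all constructed for illustration and do not reflect Zimbra's real audit log format.

```python
import re
from dataclasses import dataclass

# Constructed sample audit events (NOT Zimbra's real log format). Each line
# records a change to a mailbox's forwarding setting.
SAMPLE_LOG = """\
2023-06-12T08:14:03Z account=alice@example.gov action=set_forward target=alice.backup@example.gov
2023-06-12T09:02:41Z account=bob@example.gov action=set_forward target=collector@mail-relay.test
2023-06-13T10:11:09Z account=carol@example.gov action=clear_forward target=
2023-06-13T11:45:27Z account=dave@example.gov action=set_forward target=dave@sub.example.gov
"""

# Domains the organization controls (hypothetical); forwards elsewhere are suspect.
ORG_DOMAINS = {"example.gov"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) account=(?P<account>\S+) action=(?P<action>\S+) target=(?P<target>\S*)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    account: str
    target: str


def is_internal(addr, org_domains=ORG_DOMAINS):
    """True if the address's domain is one of ours or a subdomain of one of ours."""
    domain = addr.rsplit("@", 1)[-1].lower()
    return any(domain == d or domain.endswith("." + d) for d in org_domains)


def find_external_forwards(log_text, org_domains=ORG_DOMAINS):
    """Return every set_forward event whose target lies outside org_domains.

    Lines that do not parse, clear_forward events, and empty targets are skipped.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrecognised line; a production parser would log this
        if m["action"] != "set_forward" or not m["target"]:
            continue
        if not is_internal(m["target"], org_domains):
            findings.append(Finding(m["ts"], m["account"], m["target"]))
    return findings


if __name__ == "__main__":
    for f in find_external_forwards(SAMPLE_LOG):
        print(f"{f.ts} {f.account} forwards mail to external address {f.target}")
```

Running the block on the constructed sample flags only `bob@example.gov`, whose mail is being forwarded to `collector@mail-relay.test`; the subdomain forward for `dave@example.gov` is treated as internal. In practice the allow-list of domains should come from configuration, and every flagged account should also have its session tokens and password reset, since the article notes credentials and authentication tokens were taken alongside the forwarding rule.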
