Russian Cyberspies Exploit Roundcube Flaws Against European Governments

February 19, 2024 at 08:03AM Recorded Future alerts about Winter Vivern, a Russian cyberespionage group, exploiting Roundcube webmail servers to target European government and military entities. The group also attacked infrastructure in Europe and Central Asia, aligned with Russian and Belarusian interests. Social engineering and XSS vulnerabilities are being used to gain access for intelligence …

Russian-Linked Hackers Breach 80+ Organizations via Roundcube Flaws

February 19, 2024 at 12:45AM Belarus and Russia-linked threat actors, identified as Winter Vivern, conducted a cyber espionage campaign exploiting vulnerabilities in Roundcube webmail servers, targeting over 80 organizations in Georgia, Poland, and Ukraine. The campaign aimed to gather intelligence on European political and military activities, demonstrating high sophistication in attack methods. TAG-70 also targeted …

Russian APT ‘Winter Vivern’ Targets European Government, Military

February 17, 2024 at 03:07AM Winter Vivern, a Russia-aligned threat group, exploited cross-site scripting vulnerabilities in Roundcube webmail servers across Europe, primarily targeting government, military, and national infrastructure in Georgia, Poland, and Ukraine. Using social engineering techniques and a zero-day exploit, they gained unauthorized access to mail servers, potentially for cyber-espionage serving the interests of …

Pro-Russia group exploits Roundcube zero-day in attacks on European government emails

October 25, 2023 at 12:50PM The Winter Vivern cyber spy group has targeted European governments by exploiting an XSS zero-day vulnerability in the Roundcube webmail client. The group, linked to Russia and Belarus, used a convincing phishing email to launch a malicious payload, allowing them to access victims’ Roundcube accounts. Researchers warn that the group’s …

Russian Hackers Caught Exploiting Roundcube Webmail Zero-Day

October 25, 2023 at 12:16PM Winter Vivern, a Russia-linked advanced persistent threat (APT) actor, has been exploiting a zero-day vulnerability in the Roundcube webmail server to target government entities and a think tank in Europe. Winter Vivern, also known as TA473, focuses on espionage and has previously targeted NATO countries. It has been targeting email …

Winter Vivern APT Blasts Webmail Zero-Day Bug With One-Click Exploit

October 25, 2023 at 11:41AM Winter Vivern, a low-profile threat group, has been exploiting a zero-day flaw in Roundcube Webmail servers to target governmental organizations and a think tank in Europe. The group sends a specially crafted email that loads arbitrary JavaScript code, exploiting a newly discovered cross-site scripting flaw. Roundcube has released security …

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

October 25, 2023 at 09:45AM The Winter Vivern threat actor has been using a zero-day vulnerability in Roundcube webmail software to access victims’ email accounts. Winter Vivern has previously targeted Ukraine, Poland, and government entities in Europe and India. The newly discovered vulnerability, CVE-2023-5631, allows for the injection of arbitrary JavaScript code. Attackers employ a …

European govt email servers hacked using Roundcube zero-day

October 25, 2023 at 09:41AM The Winter Vivern Russian hacking group has been targeting European government entities and think tanks since at least October 11 by exploiting a zero-day vulnerability in Roundcube Webmail. The Roundcube development team has released security updates to fix the vulnerability. The group, also known as TA473, uses phishing emails containing …

Russian hackers exploit Roundcube zero-day to steal govt emails

October 25, 2023 at 09:19AM The Winter Vivern Russian hacking group has been targeting European government entities and think tanks since at least October 11. They have been exploiting a Roundcube Webmail zero-day vulnerability and using phishing emails to inject arbitrary JavaScript code. The group has also targeted Zimbra and previously exploited vulnerabilities in Roundcube …