Pro-Russia Hackers Target European Government With Roundcube Webmail Bug
Winter Vivern, believed to be a Belarus-aligned hacker, attacked European government entities and a think tank starting on Oct. 11, according to an Ars Technica report Wednesday. ESET Research discovered the hack that exploited a zero-day vulnerability in Roundcube, a webmail server with millions of users, and allowed the pro-Russian group to exfiltrate sensitive emails.
Roundcube patched the XSS vulnerability on Oct. 14, two days after ESET Research reported it. Winter Vivern sent users malicious code disguised in an innocent-looking email from team.management@outlook.com. Users only had to view the message in a web browser for the hacker to gain access to all their emails. Winter Vivern is a cyberespionage group that has been active since at least 2020, targeting governments in Europe and Central Asia.
In March, the Belarus-aligned hacker targeted elected US officials supporting Ukraine, exploiting unpatched Zimbra servers. Those attacks threatened to compromise government officials’ email accounts.
“This actor has been tenacious in its targeting of American and European officials as well as military and diplomatic personnel in Europe,” Proofpoint Threat Researcher Michael Raggi told Ars Technica.
It is unclear which European government entities, or which think tank, were the targets of this latest attack from Winter Vivern. Roundcube strongly recommends that all users update to the latest version.