Hackers target European government through Roundcube webmail bug

Winter Vivern, a group believed to be affiliated with Belarus, attacked European government entities and a think tank beginning on October 11, Ars Technica reported on Wednesday. ESET Research discovered the campaign, which exploited a zero-day vulnerability in Roundcube, a webmail server with millions of users, and allowed the pro-Russian group to read sensitive emails.

Roundcube fixed the XSS vulnerability on October 14, two days after ESET Research reported it. Winter Vivern delivered the malicious code hidden in an innocent-looking email sent from team.management@outlook.com. A user only had to view the message in a web browser for the attackers to gain access to all of that user's emails. Winter Vivern is a cyberespionage group that has been active since at least 2020, targeting governments in Europe and Central Asia.

“Despite the low sophistication of the group’s toolset, it poses a threat to governments in Europe due to its persistence, with phishing campaigns being run very regularly,” Matthieu Faou, a malware researcher at ESET, said in a post.

Roundcube released updates for multiple versions of its software on October 16, fixing cross-site scripting vulnerabilities. Faou notes that even when patches exist and the vulnerabilities in older versions are publicly known, many installations are never updated by their users.

Roundcube did not immediately respond to Gizmodo’s request for comment.

In March, Belarus-aligned hackers targeted elected US officials supporting Ukraine by exploiting unpatched Zimbra servers. Those attacks threatened to compromise the email accounts of government officials.

“This actor has been persistent in targeting U.S. and European officials, as well as military and diplomatic personnel in Europe,” Proofpoint threat researcher Michael Raggi told Ars Technica.

It is unclear which European government entities, or which think tanks, were the targets of this latest attack by Winter Vivern. Roundcube strongly recommends that all users update to the latest version.
