Roundcube zero-day exploited in attacks on European governments – Security week with Tony Anscombe

Video

The zero-day exploit deployed by the Winter Vivern APT group only requires that the target view a specially crafted message in a web browser

This week, ESET research described how the Winter Vivern APT group exploited a zero-day XSS vulnerability in Roundcube Webmail servers to target European government entities and a think tank. ESET researchers discovered the attacks on October 11th while monitoring Winter Vivern’s cyberespionage operations, which are mostly aimed at governments in Europe and Central Asia. They immediately reported the security breach to the Roundcube team on October 12th, which released security updates for the vulnerability four days later.

The security flaw (CVE-2023-5631) can be exploited through specially crafted email messages. Organizations are strongly advised to update their Roundcube Webmail installations to the latest version post-haste.

Find out more in the video and our blogpost.
