Google blocks a zero-day flaw used to target government emails

Cybersecurity researchers from Google’s Threat Analysis Group (TAG) recently discovered a zero-day vulnerability in a popular email server platform that hackers were using to steal sensitive data from government organizations around the world.

In a blog post published by researchers Clement Lecigne and Maddie Stone of TAG, it was said that a cross-site scripting (XSS) flaw was found in June this year, in a popular email server platform Zimbra Collaboration. An XSS flaw allows threat actors to inject malicious scripts into vulnerable websites. These scripts can pull sensitive information such as email data, user credentials, and authentication tokens, from unsuspecting visitors.

The flaw is now tracked as CVE-2023-37580.

Hackers flocking

In the timeframe between the flaw being discovered and being patched, Google observed four threat actors abusing it to target various government organizations.

One threat actor was sending emails with an exploit URL to people working for a government organization in Greece. If the victim, who was logged into a Zimbra session, clicked the link, the URL loaded a framework that used XSS to steal emails and attachments and set up an auto-forwarding rule to an attacker-controlled address.

The second campaign targeted government organizations in Moldova and Tunisia, while the third one went after a Vietnamese organization. Finally, someone tried to steal Zimbra authentication tokens from people working for a Pakistani government organization.

The first campaign leveraging the zero-day was discovered in late June 2023, while Zimbra pushed the official patch a month later, in late July. The Pakistani campaign was conducted after the release of the patch, Google said, highlighting the importance of timely patching:

“The discovery of at least four campaigns exploiting CVE-2023-37580, three campaigns after the bug first became public, demonstrates the importance of organizations applying fixes to their mail servers as soon as possible,” Google concluded.

More from TechRadar Pro

https://www.techradar.com/pro/security/google-blocks-a-zero-day-flaw-used-to-target-government-emails

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Related Posts

Top 6 Server Management Software and Tools Compared [2023]

Hillary Clinton handing over personal email server to justice department | Hillary Clinton

People laughed when Google announced Gmail on April 1 2004 — but nobody’s laughing now

Best Cheap Email Hosting Providers of 2024 – Forbes Advisor UK

How to Fix It When Outlook Keeps Asking for a Password

Hillary Clinton’s email server is why this race is still close