Zimbra XSS vulnerability exploited by hackers to steal government emails
Take action: If you are working with Zimbra Collaboration Suite, patch it to the latest version of the software ASAP. Your users will be attacked via phishing emails, and there are so many users that some will definitely be scammed.
Google Threat Analysis Group (TAG) is reporting that an XSS vulnerability in the Zimbra Collaboration email software is being exploited by four distinct threat actors to steal email data, user credentials, and authentication tokens from government entities. Most of these attacks occurred subsequent to the public disclosure of the patch for the vulnerability.
Zimbra Collaboration suite is often used by government entities worldwide, and has been previously attacked using a similar XSS vulnerability.
This vulnerability, tracked as CVE-2023-37580 (CVSS score 6.1), is a reflected cross-site scripting (XSS) issue in the Zimbra Classic Web Client and affects Zimbra Collaboration (ZCS) 8 prior to version 8.8.15 Patch 41. Zimbra addressed the vulnerability in July 2023.
Of the observed hacking campaigns, three of them exploited the vulnerability before the official patch was available, while the fourth initiated its campaign a month after the patches were published: