Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws

Cyber espionage activity attributed to a group with connections to Belarus and Russia, known as Winter Vivern (also tracked as TA473 and UAC0114), has been observed targeting over 80 organizations by exploiting vulnerabilities in Roundcube webmail servers. The campaign, which primarily affected entities in Georgia, Poland, and Ukraine, was reported by Recorded Future, which refers to the group as Threat Activity Group 70 (TAG-70). The group's focus on exploiting security gaps in email software aligns with the behavior of other Russia-associated actors such as APT28, APT29, and Sandworm, as previously outlined by ESET in October 2023.

Winter Vivern has been active since at least December 2020 and is known for its sophisticated attack strategies, including social engineering and the exploitation of software vulnerabilities. Notably, in July 2023 the group exploited a vulnerability in the Zimbra Collaboration email software to attack organizations in Moldova and Tunisia, a flaw that has since been patched.

The recent espionage efforts by TAG-70, conducted from early to mid-October 2023, aimed to gather intelligence on European political and military activities, coinciding with attacks on Uzbekistan government mail servers in March 2023. These attacks used JavaScript payloads delivered through Roundcube vulnerabilities to exfiltrate user credentials to a command-and-control server.

Furthermore, TAG-70’s operations have extended to targeting Iranian embassies in Russia and the Netherlands, and the Georgian Embassy in Sweden, indicating a broader geopolitical interest in monitoring diplomatic and governmental activities related to Russia’s support in Ukraine, as well as Georgia’s ambitions towards joining the European Union (EU) and NATO.
