How can an innocent click cost a company millions? Zimbra Phishing Operation.

Carding

Hackers are stealing the credentials of the service's customers wholesale and retail.

A large-scale phishing campaign targeting customers of the popular Zimbra email service has spread to hundreds of organizations in more than a dozen countries around the world.

Despite the primitiveness of the scheme used, the attackers managed to send targeted emails under the guise of notifications from Zimbra to hundreds of users of the collaboration software. The emails contained malicious attachments that directed the victim to a phishing login page.

According to ESET experts, the main target of attacks was small and medium-sized companies, although the operation also affected some large government organizations. The extent of the damage is still unknown, but most of the attacks were stopped at an early stage. The countries most affected were Poland, Ecuador and Italy.

According to the ESET report, this phishing campaign has been conducted since April of this year by an unidentified group of intruders who purposefully attack Zimbra customers around the world.

Although Zimbra has a niche market share in corporate email services, the product is still used by thousands of small and medium-sized enterprises. This makes users an attractive target for cybercriminals.

Zimbra has previously faced numerous security issues, including software vulnerabilities and attacks from North Korea. However, the current phishing campaign turned out to be one of the most extensive.

The attackers sent emails on behalf of the Zimbra security service, telling recipients that they urgently needed to download the attachment to keep their account from being blocked. The attachment was an HTML file with a phishing email login form.

The login form looked extremely plausible and immediately displayed the legitimate login of the victim, apparently stolen during previous attacks. This made users think that this was a real Zimbra authorization page.

Any data entered in the phishing form was sent to hackers, allowing them to gain access to mailboxes, and in the worst case, to the entire IT infrastructure of the company.

To prevent attacks, experts recommend regularly updating the software, using complex passwords and two-factor authentication. It is also important to provide cybersecurity training to the company's employees.

Once alerted, Zimbra users will be able to recognize phishing emails and avoid compromising important data. Being vigilant can significantly complicate the work of intruders and reduce the risk of cyber attacks.
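A defender-side check for the lure described above (an HTML attachment carrying a login form), added here as an example and not taken from the ESET report or the original post: it parses a message, scans its HTML attachments and reports password forms that submit to a host outside an allowlist. The function names, the `trusted_hosts` allowlist and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class FormScanner(HTMLParser):
    """Records each <form> action and whether a password input appears after it opens."""
    def __init__(self):
        super().__init__()
        self.forms = []  # [action_url, has_password_field]

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append([a.get("action") or "", False])
        elif tag == "input" and (a.get("type") or "").lower() == "password" and self.forms:
            self.forms[-1][1] = True

def scan_message(raw, trusted_hosts):
    """Return (filename, post_host) for HTML attachments whose password form
    submits to a host outside trusted_hosts."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() != "text/html" and not name.lower().endswith((".html", ".htm")):
            continue
        html = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        scanner = FormScanner()
        scanner.feed(html)
        for action, has_password in scanner.forms:
            host = (urlparse(action).hostname or "").lower()
            # Forms without an absolute action URL are not judged by this check.
            if has_password and host and host not in trusted_hosts:
                findings.append((name, host))
    return findings

def build_sample(action_url):
    """Constructed test message: plain-text body plus one HTML attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Account notice (constructed sample)"
    msg.set_content("Please open the attachment.")
    page = (f'<form method="post" action="{action_url}">'
            '<input name="user" value="alice@example.com">'
            '<input name="pw" type="password"></form>')
    msg.add_attachment(page, subtype="html", filename="notice.html")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("https://collector.example.net/in"), {"mail.example.com"}))
```

In a mail gateway or triage script, `trusted_hosts` would hold the organization's real webmail hostnames, and any finding would be a reason to quarantine the message for review.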