Roundcube flaw exploited by Russian hackers – stay safe online

February 20, 2024

TLDR:

Key Points:

  • Russian state-backed hackers exploit Roundcube email server flaw to collect military and political intelligence.
  • Over 80 organizations have been impacted by the attacks, especially those involved in the Ukraine conflict.

Researchers have discovered a cyber espionage campaign conducted by Russian hackers targeting Roundcube webmail servers to gather military and political intelligence, particularly related to the conflict in Ukraine. The hackers, known as ‘Winter Vivern’ (also tracked as TA473 and UAC0114), are exploiting a persistent cross-site scripting vulnerability (CVE-2023-43770) to gain access to sensitive data such as usernames and passwords from organizations across Europe.

The attackers inject JavaScript payloads to exfiltrate data to a remote command and control center, with a focus on geopolitical objectives like the conflict in Ukraine. A patch for the vulnerability has been available for some time, and Roundcube urges users to update their installations. CISA has directed the U.S. Federal Civilian Executive Branch to take action against the bug by March 4th to prevent further exploitation.

This incident underscores the need for enhanced cybersecurity measures to protect against nation-state actors with geopolitical motives. With the 2024 elections approaching, governments and businesses must be vigilant against such threats in the future.

Source: Spiceworks
