Fraud Management & Cybercrime , Social Engineering

Mass Phishing Campaign Targets Zimbra Users Worldwide

Targets Include Small and Medium Businesses and Government Agencies
Mass Phishing Campaign Targets Zimbra Users Worldwide
Image: Shutterstock

Threat actors are on a phishing spree targeting users of Zimbra Collaboration email suite, in particular small and medium businesses and government agencies worldwide.

See Also: OnDemand | Code Red: How KnowBe4 Exposed a North Korean IT Infiltration

Security researchers from Eset on Thursday revealed the ongoing campaign, writing that the hackers behind it have been active since at least April.

Countries hit by the campaign are located across the globe, but the greatest number are in Poland, followed by Ecuador and Italy. Zimbra is popular among companies that typically have moderate IT budgets. The open-core email solution was the target earlier this year of likely nation-state hackers, but Eset said it's not drawing any attribution conclusions (see:Phishing Campaign Tied to Russia-Aligned Cyberespionage).

Eset observed instances of Zimbra email servers holding compromised accounts being used to send new waves of phishing emails. One explanation - Eset said it can't confirm the hypothesis with available data - is that attackers were able to reuse compromised passwords to gain access to the system administrator account and create new accounts.

Victims initially receive an email about server updates containing an HTML file attachment. Anyone who opens it sees a spoofed Zimbra login page customized to the targeted organization. Aattackers prefill the username field.

Once victims supply their valid credentials to the malicious form, their information is sent to a server controlled by threat actors.

"The popularity of Zimbra Collaboration among organizations expected to have lower IT budgets ensures that it stays an attractive target for adversaries," Eset wrote.


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.