Home Security New Wave of Assault Marketing campaign Concentrating on Zimbra E mail Customers for Credential Theft

New Wave of Assault Marketing campaign Concentrating on Zimbra E mail Customers for Credential Theft

by crpt os


Aug 18, 2023THNEmail Seucrity / Cyber Attack

A new “mass-spreading” social engineering campaign is targeting users of the Zimbra Collaboration email server with an aim to collect their login credentials for use in follow-on operations.

The activity, active since April 2023 and still ongoing, targets a wide range of small and medium businesses and governmental entities, most of which are located in Poland, Ecuador, Mexico, Italy, and Russia. It has not been attributed to any known threat actor or group.

“Initially, the target receives an email with a phishing page in the attached HTML file,” ESET researcher Viktor Šperka said in a report. “The email warns the target about an email server update, account deactivation, or similar issue and directs the user to click on the attached file.”

Cybersecurity

The messages also spoof the from address to appear as if they are coming from a Zimbra administrator in a likely attempt to convince the recipients into opening the attachment.

The HTML file contains a Zimbra login page tailored to the targeted organization, with the Username field prefilled with the victim’s email address to make it seem more authentic. Once the credentials are entered, they are collected from the HTML form and sent via a HTTPS POST request to an actor-controlled server.

What makes the attacks stand out is their ability to propagate further. Subsequent phishing waves have leveraged accounts of previously targeted, legitimate companies, suggesting that the infiltrated administrator accounts associated with those victims were used to send emails to other entities of interest.

Cybersecurity

“One explanation is that the adversary relies on password reuse by the administrator targeted through phishing – i.e., using the same credentials for both email and administration,” Šperka noted.

While the campaign is not technically sophisticated, it banks on the fact that “HTML attachments contain legitimate code, and the only telltale element is a link pointing to the malicious host” that’s embedded in the source code.

“This way, it is much easier to circumvent reputation-based anti-spam policies, compared to phishing techniques where a malicious link is directly placed in the email body,” Šperka said.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex