A Russian hacker group named Winter Vivern has been hacking NATO emails since February, according to reports.
The group exploited flaws in Zimbra endpoints.
- Winter Vivern begins by scanning for unpatched webmail platforms using the Acunetix vulnerability scanner.
- Next, the hackers send a phishing email from a compromised address.
- The targets are led to believe that the email comes from someone they know.
- These emails contain a link that exploits a security flaw tracked as CVE-2022-27926 by injecting multiple JavaScript payloads.
- The threat actors can access sensitive information on compromised webmails and monitor communications over a period of time.
- Additionally, the hackers can use the breached accounts to carry out lateral phishing attacks and further their infiltration of the target organizations.
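The exploit link described above lands on the webmail server as an ordinary request whose query string carries the injected JavaScript, which is why such activity is visible in the web server's access log even when the phishing email itself is not. The following detector is an added example written for this summary, not code from the report or from Zimbra: it parses combined-format access-log lines, URL-decodes each query string repeatedly (exploit links are often double-encoded to slip past naive filters), and flags requests containing script-injection markers. The log lines, the `/public/view.jsp` path and the `loc` parameter are constructed placeholders chosen for illustration; the report does not name the exploited endpoint or parameter.

```python
"""Flag webmail access-log requests whose query string carries script-injection
markers, the kind of request a reflected-XSS exploit link produces when clicked.
Added example; the log lines and endpoint names below are constructed, not real."""
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Constructed sample log (Apache/nginx "combined" style). Two requests from
# 10.0.0.9 carry injected markup, one of them double-URL-encoded.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2023:10:01:02 +0000] "GET /mail/inbox?folder=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Mar/2023:10:02:15 +0000] "GET /public/view.jsp?loc=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048 "https://webmail.example.org/" "Mozilla/5.0"
10.0.0.9 - - [01/Mar/2023:10:02:16 +0000] "GET /public/view.jsp?loc=%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.11 - - [01/Mar/2023:10:03:40 +0000] "GET /mail/search?q=meeting%20notes HTTP/1.1" 200 700 "-" "Mozilla/5.0"
"""

# Fields of a combined-format line that matter here: client IP, timestamp,
# method, request target (path + query) and status code.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Coarse markers of HTML/JavaScript injection. Deliberately broad: a defender
# tunes these against real traffic to cut false positives (e.g. "onboarding=").
MARKERS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "html_injection": re.compile(r"<\s*(img|svg|iframe|object|embed)\b", re.I),
}


def fully_decode(value, rounds=3):
    """URL-decode until the string stops changing (bounded), so that
    double-encoded payloads such as %253C are reduced to '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_line(line):
    """Return the named fields of one access-log line, or None if it does not parse."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def scan_log(text):
    """Return one finding per request whose decoded query string hits a marker."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        parts = urlsplit(rec["target"])
        decoded_query = fully_decode(parts.query)
        hits = [name for name, rx in MARKERS.items() if rx.search(decoded_query)]
        if hits:
            findings.append({
                "client": rec["client"],
                "timestamp": rec["ts"],
                "path": parts.path,
                "markers": hits,
                "decoded_query": decoded_query,
            })
    return findings


def clients_with_repeated_payloads(findings, threshold=2):
    """Clients that sent several flagged requests: one exploit link commonly
    carries multiple payloads, so repeats are a stronger signal than a single hit."""
    counts = Counter(f["client"] for f in findings)
    return sorted(client for client, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f["timestamp"], f["client"], f["path"], f["markers"])
    print("repeat offenders:", clients_with_repeated_payloads(results))
```

Run against a real Zimbra front-end log the script would be pointed at the actual log file instead of `SAMPLE_LOG`; the decode loop is bounded so a request crafted to decode forever cannot stall the scan, and matching on the decoded query rather than the raw one is what catches the second, double-encoded request.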