Winter Vivern, a Russian threat group, recently took advantage of a vulnerability in the Zimbra email collaboration software to steal emails from NATO and the European Union. The vulnerability was a zero-day flaw tracked as CVE-2022-27926 and has been actively exploited since February 2023. This allowed the hackers to access the system undetected. The attack was discovered in March 2023, and Zimbra has since released a patch to fix the flaw. It is unclear how much data was stolen or why the hackers targeted NATO and the European Union.
The initial attack vector for this campaign was phishing emails sent through spoofed accounts. The emails contained a link that exploited the zero-day and allowed the attackers to steal usernames, passwords, and tokens. Security training is a crucial part of any organization. All employees should be trained multiple times a year and reminded on how to spot a phishing email and that no links from unknown senders should be clicked on.