Chinese hackers are spying on Zimbra open-source email users
February 18th, 2022
If you use Zimbra, watch out! Chinese hackers appear to have exploited a zero-day vulnerability in the Zimbra email platform to spy on users like you.
Chances are you might use Zimbra. Why? Because Zimbra is the world’s leading open-source email platform, powering hundreds of millions of mailboxes in 140 countries.
The attacks are believed to have occurred in two phases:
The first phase was aimed at reconnaissance: it distributed emails designed to keep tabs on whether a target received and opened the messages.
The second phase broadcast multiple waves of email messages to trick the recipients into clicking a malicious link. In total, 74 unique outlook.com email addresses were created by the attacker to send out the missives over a period of two weeks; the initial recon messages among them carried generic subject lines ranging from invitations to charity auctions to refunds for airline tickets.
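As an added illustration (not code from the original post or from Zimbra), the following script shows how a mail administrator could spot the pattern described above in their own logs: one free-mail domain contributing dozens of distinct, single-use sender addresses within a two-week window. The log records, the helper names and the thresholds are constructed for this example.

```python
"""Flag a wave of lure mail sent from many throw-away free-mail accounts.

Added example with constructed data (not from the original post or Zimbra).
One attacker rotating through dozens of outlook.com addresses over two weeks
shows up as a spike in distinct senders from one domain within a 14-day window.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def _constructed_log():
    """Sample (timestamp, sender, subject) records: 24 lure senders + a partner."""
    base = datetime(2022, 1, 3, 9, 0)
    lures = ["Invitation: charity auction", "Refund for your airline ticket"]
    log = []
    for i in range(24):  # a fresh sender address for every lure, two per day
        ts = base + timedelta(hours=12 * i)
        log.append((ts.isoformat(), f"sender{i:02d}@outlook.com", lures[i % 2]))
    for i in range(40):  # legitimate partner: three addresses reused repeatedly
        ts = base + timedelta(hours=8 * i)
        log.append((ts.isoformat(), f"staff{i % 3}@partner.example", "Weekly report"))
    return log


SAMPLE_LOG = _constructed_log()


def sender_churn(records, window_days=14, min_distinct=20):
    """Return {domain: peak distinct senders in any window} for domains >= min_distinct."""
    window = timedelta(days=window_days)
    by_domain = defaultdict(list)
    for ts, sender, _subject in records:
        sender = sender.lower()
        by_domain[sender.rsplit("@", 1)[1]].append((datetime.fromisoformat(ts), sender))
    hits = {}
    for domain, events in by_domain.items():
        events.sort()  # the sliding window needs time order
        live, start, peak = defaultdict(int), 0, 0
        for ts, sender in events:
            live[sender] += 1
            while ts - events[start][0] > window:  # expire events older than the window
                old = events[start][1]
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                start += 1
            peak = max(peak, len(live))
        if peak >= min_distinct:
            hits[domain] = peak
    return hits
```

A legitimate partner that reuses a handful of addresses never approaches the threshold, while the rotating lure senders stand out even though each individual message looks innocuous.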
More about zero-day vulnerabilities
A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched. An exploit that attacks a zero-day vulnerability is called a zero-day exploit. … Vulnerable systems are exposed until a patch is issued by the vendor. In other words, the developers did not know their software contained a vulnerability, and the threat actor spots that vulnerability before the developer realizes there is a defect or has had time to fix it.
The attacker writes and deploys exploit code while the vulnerability is still open and available.
A zero-day vulnerability is invincible
Why? A zero-day vulnerability is really hard, if not impossible, to detect. It can take not just days but months, and sometimes years, before a developer learns of the vulnerability that led to an attack.
A zero-day attack happens when that flaw, a software or hardware vulnerability, is exploited and attackers release malware before a developer has had an opportunity to create a patch to fix the vulnerability.
A zero-day is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. … Once a zero-day vulnerability has been made public, it is known as an n-day or one-day vulnerability.
Disclaimer: Any opinions expressed in the blog do not necessarily reflect the opinions of Certrec. The content of this blog is meant for informational purposes only.