Security researchers at ESET have discovered a previously unpatched vulnerability in the open-source Roundcube Webmail software. Unfortunately, the vulnerability has already been used to target government entities, with a fake Microsoft Outlook page serving as the lure.
ESET posted a summary of its findings on Twitter, in which it said a zero-day exploit (one that takes advantage of a vulnerability before security researchers or the vendor become aware of it) had been detected against Roundcube Webmail servers used by governments.
It believes a group known as Winter Vivern, with possible links to the Belarus-aligned threat actor MoustachedBouncer, was behind the attack. However, it did not specify which countries had been targeted.
“ESET discovered a zero-day XSS vulnerability (#CVE-2023-5631) in Roundcube Webmail servers,” it tweeted on October 25th. “It is actively used in the wild by Winter Vivern to target governments and a think tank in Europe. The exploit was contained in a legitimate-looking email about Outlook.”
ESET said it notified Roundcube on October 14th and that its developers promptly fixed the flaw.
Winter Vivern is a cyber espionage group thought to have been active since at least 2020. It targets governments in Europe and Central Asia using malicious documents, phishing websites, and a custom PowerShell backdoor.
Citing fellow cybersecurity firm Proofpoint, ESET said that Winter Vivern has been targeting government-run Zimbra and Roundcube email servers since at least last year.