
Irish Information Security Forum

Roundcube Vulnerabilities Exploited by Russian Hackers

 

Russian state-backed hackers have been exploiting a flaw in Roundcube email servers to collect military and political intelligence from organizations, particularly those associated with the Ukraine conflict¹.

 

The bug, tracked as CVE-2023-43770, is a persistent cross-site scripting (XSS) vulnerability that lets threat actors access restricted information via plain-text email messages in low-complexity attacks that require user interaction¹.

 

The threat actor, known as 'Winter Vivern' or TA473 and UAC0114, has impacted over 80 organizations¹. The attackers have hit several organizations across Europe, including Ukraine, Poland, and Georgia¹.

 

The attacks exploit Roundcube’s vulnerabilities to inject JavaScript payloads designed to extract sensitive data, such as usernames and passwords, and send it to a remote command-and-control server¹. The attacks seem to be motivated by geopolitical objectives, including the extraction of data associated with the ongoing conflict in Ukraine¹.

 

While the patch for the vulnerability has been available for a few months now, Roundcube has urged its users to update all installations of the 1.6.x versions¹. CISA has also ordered the U.S. Federal Civilian Executive Branch (FCEB) to take adequate measures against the bug by the 4th of March¹.

 

 


References
(1) Russian Hackers Exploit Roundcube Flaw - Spiceworks. https://www.spiceworks.com/it-security/vulnerability-management/news/roundcube-vulnerabilities-exploited-russian-hackers/.
(2) Pro-Russia hackers target inboxes with 0-day in webmail app used by .... https://arstechnica.com/security/2023/10/pro-russia-hackers-target-inboxes-with-0-day-in-webmail-app-used-by-millions/.
(3) Russian Hackers Breached Organizations Using Roundcube Flaw. https://cybersecuritynews.com/russian-hackers-xss-flaw/.
(4) Pro-Russian Hackers Exploit Zero-Day Vulnerability in Roundcube Webmail. https://www.thedailyfactum.com/article/pro-russian-hackers-exploit-zero-day-vulnerability-roundcube-webmail.
(5) Hackers compromised the Roundcube Email Servers. https://cybersecuritynews.com/roundcube-email-servers/.
