Cyberattacks by hacker groups are becoming increasingly common in the digital age, and their attacks are becoming more sophisticated over time. Just this week, an article from Ars Technica reported that a group of hackers working on behalf of the Belarusian government, known as Winter Vivern, attacked various European entities and a think tank since October 11th.
According to the article, the attack was able to be detected thanks to the efforts of ESET Research, which discovered that it exploited a zero-day vulnerability in Roundcube, a webmail server with millions of users, and allowed the pro-Russian group to leak confidential emails.
Just two days after ESET Research reported this vulnerability, Roundcube patched it. According to the research, Winter Vivern sent malicious code to users disguised in an apparently innocent email from “team.management@outlook.com.” After viewing the message, the hackers had complete access to their victims’ emails.
Winter Vivern is a group known for carrying out various cyberattacks on governments in Central Asia and Europe. “Despite the low sophistication of the group’s toolkit, it poses a threat to governments in Europe due to its persistence and very regular execution of phishing campaigns,” said Matthieu Faou, a malware researcher at ESET.
On October 16, Roundcube released an update for different versions of its program that fixed cross-site scripting vulnerabilities. The issue, however, is that many users do not update their programs, so they remain exposed to this vulnerability.
Roundcube recommends that all users update their program to the latest version as soon as possible in order to prevent further harm. Currently, it has not been disclosed which European government entities or think tanks were targeted by Winter Vivern.
