Kremlin-linked hackers target webmail servers of Eastern European government agencies

The Russia-linked hacking group APT28 has been exploiting cross-site scripting (XSS) vulnerabilities to target webmail servers of government and defense organizations in Eastern Europe and beyond. These attacks aim to steal credentials, contacts, and email communications, often using phishing emails with malicious content.
Affected: webmail servers, government and defense organizations, Ukraine, Bulgaria, Romania, other European and African governments

Keypoints

  • APT28 is a Russia-linked hacking group actively exploiting XSS vulnerabilities to target webmail servers.
  • The group primarily focuses on government, military, and defense organizations in Eastern Europe and other regions.
  • Phishing emails with malicious links are used to deliver payloads that steal login credentials and access email content.
  • Vulnerable webmail platforms like Roundcube and Zimbra are common targets for multiple espionage groups.
  • Many organizations neglect timely updates, making their webmail servers easy targets for remote exploitation.

Read More: https://therecord.media/kremlin-linked-hackers-target-webmail-eastern-europe-governments