UNC1151 Exploits Roundcube Flaw in Spear Phishing Attack

CERT Polska has warned about a spear phishing campaign in which the UNC1151 APT group exploited a critical Roundcube webmail vulnerability (CVE-2024-42009) to steal credentials from Polish organizations. The malicious emails deployed Service Workers to intercept login information, highlighting the threat posed by sophisticated cyber espionage activities.

Key points

  • The spear phishing campaign targeted Polish organizations using a webmail vulnerability in Roundcube.
  • The UNC1151 APT group, linked to Belarusian and Russian intelligence, is responsible for the attacks.
  • The attack utilized obfuscated JavaScript within emails to install Service Workers for credential theft.
  • Once credentials were stolen, attackers accessed mailboxes and propagated further phishing attempts.
  • A new vulnerability (CVE-2025-49113) in Roundcube could enhance the effectiveness of similar attacks if exploited.

Read More: https://securityonline.info/unc1151-exploits-roundcube-flaw-in-spear-phishing-attack/