Following research by ESET, it was possible to identify a group of pro-Russian hackers who targeted webmail software, putting a huge number of emails at risk.
In fact, victims just need to open a malicious email to be infected: no click or active action is required on the part of the user.
Pro-Russian Winter Vivern hackers are targeting government entities in Europe, Central Asia and beyond
ESET’s analysis showed that the attacks began on October 11th, with the company reporting the zero-day vulnerability to Roundcube developers the following day, followed by the release of a patch on October 14th. The vulnerability was listed as CVE-2023-5631 and affects Roundcube versions 1.6.x before 184.108.40.206.x before 1.5.5 and 1.4.x before 1.4.15.
Winter Vivern has been operational since at least 2020 and has been shown to primarily target government entities in Europe and Central Asia. In March, the threat group was spotted targeting US government officials who had expressed support for Ukraine during the ongoing conflict with Russia.
The security company Proofpoint also confirmed this, stating that “This actor has been persistent in targeting American and European officials, as well as military and diplomatic personnel in Europe”.