Cyber Threat Report: 'Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe'
| Report Author | Proofpoint |
|---|---|
| Publication Date | 2023-03-30 |
| Original Reporting | Source |
| Attributed to Nation | Russia, Belarus |
| Related Intrusion Sets | UAC-0114 , Winter Vivern , TA473 |
| Identified CVEs | CVE-2022-27926 , CVE-2022-30190 |
| Victim Sectors | National Government |
Proofpoint researchers describe espionage activity targeting US elected officials and staffers which they attribute to TA473 (also known as Winter Vivern or UAC-0114). They group exploited vulnerabilities in the Zimbra mail server to deploy custom JavaScript payloads.
Cyber Threat Graph Context
Explore how this report relates to the wider threat graph