Skip to main content

Featured

Essential Steps to Protect Your WordPress Site from Hackers

10 steps you can take to protect your WordPress   In today's digital age, the threat of hackers targeting websites is ever-present. As a WordPress site owner, it's crucial to implement robust security measures to safeguard your online presence. Here are some essential steps to protect your WordPress site from hackers: Keep WordPress Updated: Ensure that your WordPress core, themes, and plugins are always up to date. Developers frequently release updates to patch security vulnerabilities, and failing to update leaves your site susceptible to exploitation. Use Strong Passwords: Weak passwords are an open invitation to hackers. Choose complex passwords comprising a mix of uppercase and lowercase letters, numbers, and special characters. Additionally, consider using a password manager to generate and store secure passwords. Limit Login Attempts: Implement measures to restrict the number of login attempts allowed within a specified timeframe. This prevents brute force attacks whe...
Post a Comment
Read more

Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws

 



Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations.

These entities are primarily located in Georgia, Poland, and Ukraine, according to Recorded Future, which attributed the intrusion set to a threat actor known as Winter Vivern, which is also known as TA473 and UAC0114. The cybersecurity firm is tracking the hacking outfit under the moniker Threat Activity Group 70 (TAG-70).

Winter Vivern's exploitation of security flaws in Roundcube email servers was previously highlighted by ESET in October 2023, joining other Russia-linked threat actor groups such as APT28, APT29, and Sandworm that are known to target email software.

The adversary, which has been active since at least December 2020, has also been linked to the abuse of a now-patched vulnerability in Zimbra Collaboration email software last year to infiltrate organizations in Moldova and Tunisia in July 2023.

The campaign discovered by Recorded Future took place from the start of October 2023 and continued until the middle of the month with the goal of collecting intelligence on European political and military activities. The attacks overlap with additional TAG-70 activity against Uzbekistan government mail servers that were detected in March 2023.

"TAG70 has demonstrated a high level of sophistication in its attack methods," the company said. "The threat actors leveraged social engineering techniques and exploited cross-site scripting vulnerabilities in Roundcube webmail servers to gain unauthorized access to targeted mail servers, bypassing the defenses of government and military organizations."

The attack chains involve exploiting Roundcube flaws to deliver JavaScript payloads that are designed to exfiltrate user credentials to a command-and-control (C2) server.

Recorded Future said it also found evidence of TAG-70 targeting the Iranian embassies in Russia and the Netherlands, as well as the Georgian Embassy in Sweden.

"The targeting of Iranian embassies in Russia and the Netherlands suggests a broader geopolitical interest in assessing Iran's diplomatic activities, especially regarding its support for Russia in Ukraine," it said.

"Similarly, espionage against Georgian government entities reflects interests in monitoring Georgia's aspirations for European Union (EU) and NATO accession."

Comments

Post a Comment