Members of TAG, Google’s cyber threat analysis group, have discovered the existence of a security flaw in an email service used by many governments around the world. Thanks to this vulnerability, attackers were able to steal data from certain countries such as Greece, Tunisia or Moldova.
While hackers recently exploited a vulnerability in Google Calendar to steal users’ personal information, members of TAG (Google’s cyber threat analysis group) have just made a new discovery.
This Thursday, November 16, 2023, the American giant’s computer security researchers announced that they had discovered a particularly serious security vulnerability and helped fix it. Using this vulnerability, the hackers succeeded in stealing data from multiple countries, particularly Greece, Moldova, Tunisia, Vietnam and Pakistan.
The bug, tracked as CVE-2023-37580, affected Zimbra Collaboration, an email service used by more than 1,000 government organizations around the world. According to Google, this vulnerability allowed the theft of email data, user IDs and passwords, and authentication tokens from organizations.
The story of exploiting this bug / Google
A case that reminds us how important updates are
It all started in Greece at the end of June 2023, when attackers exploited this vulnerability to send malicious emails to certain members of the Greek authorities. If someone clicked on the malicious link while logged into their Zimbra account, the aforementioned data was automatically transmitted to the hackers. Furthermore, the attackers took advantage of this to set up an automatic transfer and take ownership of the target email address.
A few days later, Zimbra responded well and released a fix for this bug on GitHub. Unfortunately, the attacks continued, which suggests that affected governments did not install the update in time to protect themselves. “These campaigns also highlight how attackers monitor open source repositories to opportunistically exploit vulnerabilities in software, particularly when a patch is referenced on a platform but not yet accessible to users,” TAG explains in a blog post.
Source: Google TAG blog