A mass-spreading social engineering campaign is targeting users of the Zimbra Collaboration email server. The campaign has been active since April 2023 and is ongoing, with targets mainly located in Poland, Ecuador, Mexico, Italy, and Russia. The campaign involves sending emails that pretend to be from a Zimbra administrator and carry a phishing page in an attached HTML file. The HTML file contains a customized Zimbra login page, with the victim's email address prefilled in the Username field. When the victim enters their credentials, they are sent to an actor-controlled server. What sets these attacks apart is their ability to propagate further by leveraging the accounts of previously targeted legitimate companies. The campaign is not technologically advanced, but it can bypass anti-spam policies by embedding a link in the source code of the HTML attachment.
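The attachment pattern described above (an HTML file with a login form, the recipient's address prefilled, and a submit target on another server) can be checked at the mail gateway or during triage. The following is an added example, not code from the original report; the function names, the sample message, and all addresses and hosts in it are constructed placeholders.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class FormScan(HTMLParser):
    """Collects form targets, password fields and prefilled input values."""
    def __init__(self):
        super().__init__()
        self.actions, self.values, self.has_password = [], set(), False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.actions.append(a.get("action", ""))
        elif tag == "input":
            self.has_password |= a.get("type", "").lower() == "password"
            self.values.add(a.get("value", "").strip().lower())

def scan_message(raw: bytes) -> list:
    """One finding per HTML attachment holding a password form that posts to a remote host."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    to = msg["To"]
    recipients = {a.addr_spec.lower() for a in to.addresses} if to else set()
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() != "text/html" and not name.lower().endswith((".html", ".htm")):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # e.g. sent as application/octet-stream
            body = body.decode("utf-8", "replace")
        scan = FormScan()
        scan.feed(body)
        hosts = [urlparse(u).hostname for u in scan.actions
                 if urlparse(u).scheme in ("http", "https")]
        if scan.has_password and hosts:
            findings.append({"attachment": name, "post_hosts": hosts,
                             "prefilled_recipient": bool(recipients & scan.values)})
    return findings

def constructed_sample() -> bytes:
    """Constructed test message; every address and host is a placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "admin@mail.example", "user@corp.example", "Mail server update"
    m.set_content("See the attached notice.")
    m.add_attachment('<form method="post" action="https://collector.example/submit">'
                     '<input name="username" value="user@corp.example">'
                     '<input name="password" type="password"></form>',
                     subtype="html", filename="notice.html")
    return m.as_bytes()
```

A finding with `prefilled_recipient` set is the stronger signal, since a legitimate HTML attachment rarely contains both a password field and the recipient's own address.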
