Hello, tech lovers! Today, let’s dive into a fascinating story about hackers who are still using old tricks to target high-value email servers.
Threat groups, reportedly backed by Russia, are breaking into high-value mail servers around the world by exploiting a long-known class of bugs: XSS vulnerabilities. XSS, or cross-site scripting, is a flaw that lets attacker-supplied script run in the browser of anyone who views the affected page. These flaws first gained wide attention back in 2005 with the Samy worm that overwhelmed MySpace.
Despite being well-known for years, XSS exploits still pop up. Recently, the hacking group Sednit, also known as Fancy Bear, hit various mail servers made by different vendors, including Roundcube, MDaemon, Horde, and Zimbra. These attacks mostly targeted defense and government agencies in Bulgaria, Romania, Africa, Europe, and South America.
Using spearphishing emails, Sednit embedded malicious scripts within HTML content: scripts that, when the message was viewed in webmail, would steal contacts and emails and forward them to attacker-controlled servers. Interestingly, some of the vulnerabilities exploited had been patched years earlier, but organizations had failed to update their systems. One zero-day exploit was also used in this campaign, alongside those years-old bugs that could still be weaponized.
The malicious emails looked innocent, referencing Ukrainian news and linking to reputable sources. The embedded JavaScript could run for as long as the email stayed open in the browser, which made the attack quite effective even though it still depended on a user action: opening the email.
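As an added example (not code from the original post or from any of the affected webmail products), here is a minimal allowlist sanitizer of the kind a webmail client must apply to an HTML message body before rendering it; it uses only Python's standard library, and the tag list, the sample message and the `sanitize_email_html` name are assumptions made for this illustration. The constructed sample reproduces the pattern described above in harmless form: a plausible news link followed by a script tag, a javascript: URL, an inline event handler and an img tag.

```python
import html
from html.parser import HTMLParser

# Allowlist a webmail renderer passes through (constructed for this example, not a vendor's list).
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "a", "ul", "ol", "li", "div", "span", "blockquote"}
ALLOWED_ATTRS = {"a": {"href"}}                  # every other allowed tag loses all its attributes
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}

class EmailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped, self._skip = [], [], 0   # rebuilt body, audit trail, skip depth

    def handle_starttag(self, tag, attrs):       # html.parser lowercases tag and attribute names
        if tag in DROP_WITH_CONTENT:             # drop the element and everything inside it
            self._skip += 1
        if self._skip or tag not in ALLOWED_TAGS:   # e.g. <img>, the classic onerror carrier
            self.dropped.append(f"tag:{tag}")
            return
        kept = []
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("on"):            # inline event handlers are script
                self.dropped.append(f"attr:{name}")
            elif name in ALLOWED_ATTRS.get(tag, ()):
                if name == "href" and not value.lower().startswith(("http:", "https:", "mailto:")):
                    self.dropped.append(f"url:{value}")   # javascript:, data:, vbscript:, ...
                else:
                    kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self._skip = max(0, self._skip - 1)
        elif not self._skip and tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):                 # text is re-escaped, never passed through raw
        if not self._skip:
            self.out.append(html.escape(data, quote=False))

def sanitize_email_html(raw_html):
    p = EmailSanitizer()                         # returns (sanitized_html, list of dropped items)
    p.feed(raw_html); p.close()                  # close() flushes any buffered trailing text
    return "".join(p.out), p.dropped

# Constructed spearphishing-style body (no real payload): one news link plus three script carriers.
SAMPLE_EMAIL = ('<div><p>Breaking: <a href="https://example.com/news">read the full story</a></p>'
                '<script>document.title = "placeholder"</script>'
                '<p><a href="javascript:void(0)" onclick="x()">archive</a></p><img src="x" onerror="y()"></div>')
```

A non-empty dropped list for an inbound message is exactly the signal worth logging and alerting on. In production this sits behind a maintained sanitizer library and a Content-Security-Policy header that forbids inline script, so a bypass in one layer does not hand the attacker a script run inside the victim's webmail session.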
This story reminds us that old vulnerabilities, if left unpatched, can still be turned into powerful attack tools. So, keeping software up to date remains crucial to cybersecurity.