CVE-2021-44026

Vulnerability updated 5 months ago (2024-05-04T19:33:18.431Z)

Download STIX

Preview STIX

Not enough context has been learned about CVE-2021-44026 for a description yet. However we're tracking it as a Vulnerability profile. Vulnerability: A flaw in software design or implementation

Description last updated:

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The APT28 Threat Actor is associated with CVE-2021-44026. APT28, also known as Fancy Bear, Forest Blizzard, and Unit 26165 of the Russian Main Intelligence Directorate, is a Russia-linked threat actor that has been active since at least 2007. This group has targeted governments, militaries, and security organizations worldwide with a particular focus on th	Targets	3

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2020-35730 Vulnerability is associated with CVE-2021-44026. CVE-2020-35730 is a Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail, first discovered three years ago. The flaw has been actively exploited by threat actors in various campaigns. In the BlueDelta and APT28 campaigns, spear-phishing techniques were employed, with email attachments desig	Unspecified	4

Source Document References

Information about the CVE-2021-44026 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	5 months ago	NATO and the EU formally condemned APT28 cyber espionage
Securityaffairs	10 months ago	Russia's APT8 exploited Outlook 0day to target EU NATO members
Securityaffairs	10 months ago	Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts
CERT-EU	a year ago	Advanced threat predictions for 2024 – GIXtools
Securelist	a year ago	Kaspersky Security Bulletin: APT predictions 2024
CERT-EU	a year ago	Several French critical networks subjected to Russian APT attacks
Securityaffairs	a year ago	ANSSI warns of Russia-linked APT28 attacks on French entities
CERT-EU	a year ago	Microsoft warns of rise in credential stealing attacks by Russia-linked group
CERT-EU	a year ago	Several bugs added to CISA vulnerability catalog
CERT-EU	a year ago	Ex-FBI employee jailed for mishandling classified material
Securityaffairs	a year ago	CISA adds recently disclosed Apple flaws to its Known Exploited Vulnerabilities catalog
CERT-EU	a year ago	CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws
CERT-EU	a year ago	Cyber security week in review: June 23, 2023
CERT-EU	a year ago	Governmental Agencies Ordered by CISA to Patch Vulnerabilities Exploited by Russian APT Groups
CERT-EU	a year ago	CISA Adds Six Known Exploited Vulnerabilities to Catalog \| CISA
Securityaffairs	a year ago	APT28 hacked Roundcube email servers of Ukrainian entities
CERT-EU	a year ago	Russian hackers breach Ukrainian government and military entities
BankInfoSecurity	a year ago	Ukraine Tracks Multiple Spear-Phishing Campaigns From Russia
Recorded Future	a year ago	BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities \| Recorded Future
CERT-EU	a year ago	Russia’s APT28 breached Ukrainian orgs via RoundCube flaws