CVE-2022-27926

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2022-27926 is a software vulnerability identified in Zimbra instances. This flaw in software design or implementation has been exploited by Winter Vivern (also known as TA473), a Russian hacking group, to gain unauthorized access to sensitive email communications. The targets of this cyber espionage have included NATO officials, governments, military personnel, and diplomats, indicating the severity and potential geopolitical implications of this security breach. The exploitation of CVE-2022-27926 by Winter Vivern was first reported by Proofpoint researchers in March 2023. Prior to this, the group had been known to exploit other vulnerabilities, such as CVE-2020-35730 in Roundcube, for which proofs of concept are readily available online. With the shift to exploiting the Zimbra vulnerability, Winter Vivern demonstrated its adaptability and ongoing threat to cybersecurity. In response to these findings, it's critical for organizations using Zimbra to apply patches promptly to mitigate the risk posed by CVE-2022-27926. In addition to patching, organizations are advised to adopt comprehensive cybersecurity measures, including regular system updates and user education, to protect against similar threats in the future. The actions of Winter Vivern underscore the broader risks associated with unpatched software and the importance of proactive security management.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Zimbra
Javascript
Proofpoint
Government
roundcube
Eset
Html
exploited
XSS (Cross S...
Vulnerability
Exploit
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Ta473has used
4
TA473, also known as Winter Vivern and UAC-0114, is a Russian advanced persistent threat (APT) group that has been active since at least February 2023. The group focuses on cyber espionage, supporting Russian and Belarusian geopolitical objectives, especially in the context of the Russia-Ukraine con
Winter VivernUnspecified
3
Winter Vivern is a threat actor group that has recently come into the spotlight due to its malicious cyber activities. The group, believed to be aligned with the interests of Belarus, has been involved in several high-profile cyberattacks targeting various entities. Their actions have demonstrated a
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
CVE-2022-2792Unspecified
1
None
CVE-2020-35730Unspecified
1
CVE-2020-35730 is a Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail, first discovered three years ago. The flaw has been actively exploited by threat actors in various campaigns. In the BlueDelta and APT28 campaigns, spear-phishing techniques were employed, with email attachments desig
Source Document References
Information about the CVE-2022-27926 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Securityaffairs
a year ago
CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog
CERT-EU
10 months ago
Zimbra credentials targeted in global phishing campaign
CERT-EU
a year ago
Zimbra email platform vulnerability exploited to steal European govt emails
CSO Online
a year ago
APT group Winter Vivern exploits Zimbra webmail flaw to target government entities
CERT-EU
a year ago
Windows, Linux systems subjected to Chinese state-backed cyberattacks
BankInfoSecurity
a year ago
Phishing Campaign Tied to Russia-Aligned Cyberespionage
CERT-EU
a year ago
Winter Vivern Hackers Exploit Zimbra Flaw to Siphon NATO Emails | IT Security News
Securityaffairs
a year ago
Russian group Winter Vivern targets email portals of NATO and diplomats
CERT-EU
10 months ago
Ongoing Phishing Campaign Targets Zimbra Collaborations Email Servers Worldwide
CERT-EU
8 months ago
Russian hacking group seen exploiting Roundcube webmail zero-day
CERT-EU
a year ago
Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability
ESET
9 months ago
Mass-spreading campaign targeting Zimbra users
CERT-EU
a year ago
CISA Adds One Known Exploited Vulnerability to Catalog | CISA
CERT-EU
a year ago
NATO countries targeted by Winter Vivern via Zimbra vulnerability
BankInfoSecurity
7 months ago
Google Says 4 Attack Campaigns Exploited Zimbra Zero-Day
Securityaffairs
8 months ago
Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks
CERT-EU
8 months ago
Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631) - Help Net Security
CERT-EU
a year ago
Manually patch this Zimbra bug that's under attack
CERT-EU
a year ago
NATO and Diplomats' Email Portals Targeted by Russian APT Winter Vivern