Thanks to this security breach, hackers stole data from several governments


Members of TAG, Google’s cyber threat analysis group, have detected the existence of a security vulnerability in an email service used by many governments around the world. Thanks to this vulnerability, attackers were able to steal data from certain countries, such as Greece, Tunisia or Moldova.


While hackers recently exploited a flaw in Google Calendar to steal users’ personal information, members of TAG (Google’s cyber threat analysis group) have just made a new discovery.

On Thursday, November 16, 2023, the American giant’s computer security researchers explained that they had discovered, and helped fix, a particularly serious security vulnerability. Using this vulnerability, hackers managed to steal data belonging to several countries, notably Greece, Moldova, Tunisia, Vietnam and Pakistan.

The flaw, tracked as CVE-2023-37580, affected Zimbra Collaboration, an email service used by more than 1,000 government organizations around the world. According to Google, this vulnerability made it possible to steal email data, user IDs, passwords and authentication tokens from organizations.


The history of the exploitation of this flaw / Google

A case that reminds us of the importance of updates

It all started towards the end of June 2023 in Greece, when attackers exploited this vulnerability to send malicious emails to certain members of the Greek authorities. If someone clicked on the malicious link while logged into their Zimbra account, the previously mentioned data was automatically transmitted to the hackers. The attackers also took advantage of this access to set up automatic forwarding and take over the targeted email address.

A few days later, Zimbra responded by publishing a fix for this flaw on GitHub. Unfortunately, the attacks continued, suggesting that affected governments did not install the update in time to protect themselves. “These campaigns also highlight how attackers monitor open source repositories to opportunistically exploit vulnerabilities in software, specifically when a patch is referenced on a platform, but not yet accessible to users,” explains TAG in a blog article.

Source: Google TAG Blog


