Threat actors, probably backed by the Russian government, have hacked several high-value mail servers around the world by exploiting XSS vulnerabilities, a class of bug that was among the most common in recent decades.
XSS is short for cross-site scripting. The vulnerabilities are the result of programming errors in web server software that, when exploited, enable attackers to execute malicious code in the browsers of people who visit an affected website. XSS first received attention in 2005, with the creation of the Samy Worm, which hit Myspace when it added more than a million Myspace friends to a user called Samy. XSS exploits were abundant over the next decade and have gradually tapered off more recently, although this class of attack continues today.
Just add JavaScript
On Thursday, security company ESET reported that Sednit, a Kremlin-backed hacking group also tracked as APT28, Fancy Bear, Forest Blizzard and Sofacy, gained access to high-value email accounts by exploiting XSS vulnerabilities in mail server software from four different makers. Those packages are: Roundcube, MDaemon, Horde and Zimbra.
The hacks were most recently aimed at email servers used by defense contractors in Bulgaria and Romania, some of which produce Soviet-era weapons for use in Ukraine as it fends off an invasion from Russia. Government organizations in those countries were also targeted. Other targets include governments in Africa, the European Union and South America.
RoundPress, as ESET has named the operation, delivered XSS exploits via spearphishing emails. Hidden in some of the HTML in the emails was an XSS exploit. In 2023, ESET observed Sednit exploiting CVE-2020-43770, a vulnerability that has since been patched in Roundcube. A year later, ESET watched Sednit exploit various XSS vulnerabilities in Horde, MDaemon and Zimbra. One of the now-patched vulnerabilities, from MDaemon, was a zero-day at the time Sednit exploited it.