At least 80 critical infrastructure, government, and military organizations across Europe, especially those in Ukraine, Poland, and Georgia, were targeted in October attacks by Russian hacking operation TAG-70, also known as Winter Vivern, UAC-0014, and TA473, in a campaign that exploited cross-site scripting vulnerabilities affecting Roundcube email servers, SecurityWeek reports.
Aside from leveraging the Roundcube XSS flaws, TAG-70 also tapped social engineering techniques to facilitate intelligence gathering on military and political activities from the email servers in a bid to potentially compromise security across Europe, a report from Recorded Future revealed. Attackers may also be moving to target communication channels amid the ongoing war between Russia and Ukraine. "Belarus and Russia-aligned cyber-espionage groups will almost certainly continue, if not expand, targeting webmail software platforms, including Roundcube, while the conflict in Ukraine continues and while tensions with the EU and NATO remain high," said researchers.