During their regular monitoring of Winter Vivern's cyberespionage operations, ESET researchers discovered that the group recently began exploiting a zero-day cross-site scripting (XSS) vulnerability in the Roundcube Webmail server. In an XSS attack, malicious scripts are injected into otherwise trusted websites.
ESET researchers have discovered strategic web compromise (watering hole) attacks against high-profile websites in the Middle East, with a strong focus on Yemen. The attacks are linked to Candiru, a company that sells state-of-the-art offensive software tools and related services to government agencies.
ESET Research has discovered that more than ten different advanced persistent threat (APT) groups are exploiting the recent Microsoft Exchange vulnerabilities to compromise email servers. ESET has identified more than 5,000 email servers that have been affected by malicious activity related to the incident.