While these phishing emails contain hyperlinks to malicious URLs utilized by the threat actors to abuse the known vulnerabilities to execute JavaScript payloads.
It has been observed by Proofpoint researchers that TA473, a newly minted APT actor, abuses publicly facing Zimbra-hosted webmail portals by exploiting a vulnerability found in Zimbra, which has been tracked as CVE-2022-27926. The sole goal of this activity is to gain unauthorized access to the following organizations that
Zimbra Vulnerability Exploited to Gain Access to Email Mailboxes
Zimbra Vulnerability Exploited to Gain Access to Email Mailboxes
Zimbra Vulnerability Exploited to Gain Access to Email Mailboxes
Zimbra Vulnerability Exploited to Gain Access to Email Mailboxes
Zimbra Vulnerability Exploited to Gain Access to Email Mailboxes
/product/48/5847722/1.jpg?5391)