A new mass-spreading social engineering campaign is targeting users of the Zimbra Collaboration email server with an aim to collect their login credentials for use in subsequent operations.
The campaign begins with an email with a phishing page in its HTML file.
This message warns the target about an email server update, account deactivation, or similar issue and directs the user to click on the attached file.
The messages also spoof the from address to appear as if they are coming from a ZimbRA administrator.
The HTML file contains a ZIMBRA login page tailored to the targeted organization, with the Username field prefilled with the victim’s email address to make it seem more authentic.
ESET researcher Viktor ล perka describes the campaign in detail
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply