Predator Spyware Infrastructure Resurfaces Post-Sanctions – What You Need to Know
Intellexa’s Predator spyware infrastructure re-emerges after sanctions. Learn how this mercenary spyware is evolving, targeting high-profile individuals, and what defensive measures can be taken.
Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign
Insikt Group has observed TAG-70 leveraging cross-site scripting (XSS) vulnerabilities against Roundcube webmail servers in Europe, targeting government, military, and national infrastructure.
BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities | Recorded Future
Recorded Future's Insikt Group, in partnership with Ukraine's Computer Emergency Response Team (CERT-UA), has uncovered a campaign targeting high-profile entities in Ukraine that was cross-correlated with a spearphishing campaign uncovered by Recorded Future’s Network Traffic Intelligence. The campaign leveraged news about Russia’s war against Ukraine to encourage recipients to open emails, which immediately compromised vulnerable Roundcube servers (an open-source webmail software), using CVE-2020-35730, without engaging with the attachment. We found that the campaign overlaps with historic BlueDelta activity exploiting the Microsoft Outlook zero-day vulnerability CVE-2023-23397 in 2022.