Attacks linked to a Chinese threat actor have exploited a zero-day vulnerability in Zimbra and are stealing emails linked to European government and media.
Researchers say that, at the time of writing, no patch is available for the exploited vulnerability.
Zimbra says that more than 200,000 businesses from over 140 countries are using its software, including over 1,000 government and financial organizations.
The vulnerability allows attackers to perform a number of malicious actions. These include exfiltrating cookies to allow persistent access to a mailbox, sending phishing messages to the user’s contacts, and displaying a prompt to download malware from trusted websites.