Winter Vivern, a pro-Russia hacking group, has been targeting government organizations in Europe and Asia, as well as a think tank. They have exploited a zero-day vulnerability in Roundcube webmail servers, known as CVE-2023-5631. This vulnerability allows attackers to remotely exploit Roundcube through a malicious email.
The cybersecurity company ESET detected these attacks and promptly reported the vulnerability to Roundcube developers on October 16. Security patches were released five days later to address the vulnerability, after ESET observed the Russian threat actors actively exploiting it in real-world attacks. Administrators are strongly advised to upgrade their installations to the fixed versions and remain vigilant for any signs of compromise if they suspect they may have been targeted. The vulnerability affects Roundcube versions 1.6.x before 1.6.4, 1.5.x before 1.5.5, and 1.4.x before 1.4.15.
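A version triage against the affected ranges listed above, as an added example that is not part of the original article and not ESET's or Roundcube's tooling. The hostnames and inventory are constructed, and treating a pre-release build of a fixed version as affected is an assumption.

```python
import re

# Fixed patch level per affected branch, as stated in the article above.
FIXED = {(1, 6): 4, (1, 5): 5, (1, 4): 15}
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)([-+~.]?[A-Za-z][\w.-]*)?\s*$")


def classify(version: str) -> str:
    """Return 'affected', 'fixed', 'out-of-scope' or 'unparseable'."""
    m = _VERSION_RE.match(version)
    if not m:
        return "unparseable"
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # The article makes no statement about this branch; do not guess.
        return "out-of-scope"
    # Compare as integers: as strings, "9" would sort after "15".
    if patch < fixed_patch:
        return "affected"
    if patch == fixed_patch and m.group(4):
        # Assumption: a pre-release of the fixed version may predate the fix.
        return "affected"
    return "fixed"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by classification so upgrades can be prioritised."""
    groups = {"affected": [], "fixed": [], "out-of-scope": [], "unparseable": []}
    for host, version in sorted(inventory.items()):
        groups[classify(version)].append(host)
    return groups


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "mail-a.example": "1.6.3",
    "mail-b.example": "1.6.4",
    "mail-c.example": "1.5.4",
    "mail-d.example": "1.4.15",
    "mail-e.example": "1.4.9",
    "mail-f.example": "1.3.17",
    "mail-g.example": "1.6.4-rc1",
    "mail-h.example": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:12} {', '.join(hosts) or '-'}")
```

Hosts reported as `out-of-scope` or `unparseable` need manual review, since the stated ranges say nothing about them.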
The Winter Vivern hacking group’s targeting of government organizations and a think tank, exploiting a zero-day vulnerability in Roundcube webmail servers, has significant implications. The successful exploitation of this vulnerability, even on fully patched instances of Roundcube, highlights the need for constant vigilance and prompt patching of software vulnerabilities. Administrators should upgrade their installations to the fixed versions and remain alert for any signs of compromise. This incident also underscores the importance of cybersecurity companies like ESET in detecting and reporting such threats, enabling developers to release security patches promptly.