An APT group known in the security industry as Winter Vivern has been exploiting a vulnerability in the Zimbra Collaboration software to gain access to mailboxes from government agencies in several European countries. While no clear links have been established between Winter Vivern and a particular country’s government, security researchers have noted that its activities closely align with the interests of Russia and Belarus.
The group, which is also tracked as TA473 or UAC-0114, has been operating since at least 2021 and past victims were identified in Lithuania, India, Vatican, and Slovakia. According to a report earlier this month by cybersecurity firm SentinelLabs, more recent targets include Polish government agencies, Ukraine’s Ministry of Foreign Affairs, Italy’s Ministry of Foreign Affairs, individuals within the Indian government, and telecommunications companies that support Ukraine in the ongoing war. In a new report released today, cybersecurity firm Proofpoint said it saw Winter Vivern campaigns late last year that targeted elected officials in the United States and their staffers.