
Russian Cyber Group Targets Email Servers with XSS Vulnerability

Highlights

  • Russian group TAG-70 exploits email XSS flaw.

  • Over 80 governmental organizations breached.

  • Indicators of compromise and malware identified.

NEWSLINKER
Last updated: 20 February, 2024 - 12:31 pm

Cybersecurity experts have identified a Russian cyber group, known as TAG-70, which has been exploiting a critical Cross-Site Scripting (XSS) flaw in Roundcube webmail servers. This group, which has connections to known threat actors Winter Vivern, TA473, and UAC-0114, has launched attacks on more than 80 organizations related to government, military, and national infrastructure, focusing on targets in Georgia, Poland, and Ukraine since October 2023.


Strategic Email Exploits

The campaign is not isolated; it is the latest in a series of email server attacks by Russian-aligned cyber groups. These groups aim to gather sensitive intelligence that could influence the ongoing conflict between Russia and Ukraine. TAG-70, in particular, has been active in the cyber-espionage arena, previously creating a fake Ukrainian Ministry of Foreign Affairs website and exploiting vulnerabilities in the Zimbra webmail portal.

Detailed Threat Operations

Their recent campaign exploited the XSS flaw CVE-2023-5631, which allowed them to surreptitiously list and exfiltrate email contents from victim accounts. Suspected TAG-70-controlled IP addresses and domains were tracked, showing communications over TCP port 7662 and the use of Tor for administering command-and-control (C2) servers. A detailed analysis indicated the high level of sophistication and funding behind TAG-70’s operations.

In February 2023, suspicious activity involving a C2 IP address was discovered, leading to the identification of TAG-70-controlled domains communicating with victim systems. This activity also included communications with an IP address associated with the Uzbekistan Embassy in Ukraine, further illustrating the geographical scope of TAG-70’s cyber-espionage activities.

Cybersecurity responders continue to monitor and analyze TAG-70’s evolving tactics and infrastructure. As part of this ongoing surveillance, several domains and IP addresses have been identified as indicators of compromise, along with malware samples linked to the group’s campaigns.

The escalating series of cyber-attacks emphasizes the need for heightened vigilance and robust cybersecurity measures, especially among entities at risk of state-sponsored espionage.
