| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2023-43770 | Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability | secondary_impact | T1082 | System Information Discovery |
Comments
This vulnerability is exploited by an adversary via malicious links embedded in trustworthy websites to infiltrate victim systems. Successful exploitation grants the adversary the ability to execute arbitrary code on the impacted system.
The Russia-aligned hacking group TAG-70 has been attributed to exploiting this vulnerability. TAG-70 has used this vulnerability in an espionage campaign targeting European government and military agencies, as well as Iranian embassies in Russia, aiming to gather intelligence on European political and military activities. The campaign, active from early to mid-October 2023, is part of a broader pattern of Russian state-aligned cyber-espionage targeting email services.
References
|
| CVE-2023-43770 | Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
This vulnerability is exploited by an adversary via malicious links embedded in trustworthy websites to infiltrate victim systems. Successful exploitation grants the adversary the ability to execute arbitrary code on the impacted system.
The Russia-aligned hacking group TAG-70 has been attributed to exploiting this vulnerability. TAG-70 has used this vulnerability in an espionage campaign targeting European government and military agencies, as well as Iranian embassies in Russia, aiming to gather intelligence on European political and military activities. The campaign, active from early to mid-October 2023, is part of a broader pattern of Russian state-aligned cyber-espionage targeting email services.
References
|
| CVE-2023-43770 | Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability | exploitation_technique | T1189 | Drive-by Compromise |
Comments
This vulnerability is exploited by an adversary via malicious links embedded in trustworthy websites to infiltrate victim systems. Successful exploitation grants the adversary the ability to execute arbitrary code on the impacted system.
The Russia-aligned hacking group TAG-70 has been attributed to exploiting this vulnerability. TAG-70 has used this vulnerability in an espionage campaign targeting European government and military agencies, as well as Iranian embassies in Russia, aiming to gather intelligence on European political and military activities. The campaign, active from early to mid-October 2023, is part of a broader pattern of Russian state-aligned cyber-espionage targeting email services.
References
|