A Russian advanced persistent threat (APT) actor has been using the cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers to target critical government infrastructures in Europe, according to a research by Recorded Future.
The threat group, known as Winter Vivern, was tracked as TAG-70 and was found conducting espionage campaigns targeting over 80 organizations, mainly in Georgia, Poland, and Ukraine.