
Hackers Impersonate Libyan Navy to Attack Brazilian Military with Zimbra Zero-Day

Unknown attackers exploited a zero-day vulnerability in Zimbra's email system to target Brazil's military, highlighting rare and sophisticated cyber tactics.
Content Team

Unknown attackers posing as Libya's Navy Office of Protocol targeted Brazil's military using a malicious calendar file to exploit a zero-day vulnerability in Zimbra's email system. The rare attack method bypassed traditional defenses through a weaponized ICS file containing JavaScript that exploited CVE-2025-27915, an XSS vulnerability.

Once executed, the malware stole credentials, emails, contacts, and authentication data while redirecting messages to attacker-controlled servers. The sophisticated payload included multiple obfuscation layers and could bypass multi-factor authentication protections.

Zimbra patched the vulnerability in June with version 10.1.9 after the attack occurred. StrikeReady researchers noted that this direct exploitation of collaboration tools via email attachments is extremely rare, suggesting involvement of highly skilled threat actors.

Source: Dark Reading
