APT / THREAT GROUP
Zimbra
Intelligence Profile
Ransomware [email protected]
Threat Analysis
Zimbra is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.
Intelligence Reports Mentioning Zimbra
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
BleepingComputer · Apr 24, 2026
Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities
SecurityWeek · Apr 21, 2026
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
CISA Alerts · Apr 20, 2026
Russian hackers exploit Zimbra flaw in Ukrainian govt attacks
BleepingComputer · Mar 19, 2026
Russian APT Exploits Zimbra Vulnerability Against Ukraine
SecurityWeek · Mar 19, 2026
Russian hackers exploit Zimbra flaw to breach Ukrainian maritime agency
The Record · Mar 19, 2026
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
The Hacker News · Mar 19, 2026
CISA orders feds to patch Zimbra XSS flaw exploited in attacks
BleepingComputer · Mar 18, 2026
Quick Facts
Type: APT / Threat Group
Aliases: 1
Also Known As
Zimbra
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.