Winter Vivern APT Resurfaces to Target European Entities

The Winter Vivern espionage group targeted European government entities and a think tank using a zero-day vulnerability in Roundcube Webmail, enabling email exfiltration with minimal interaction. The payload used in the campaign worked even on fully patched Roundcube instances. Despite the low sophistication of the group’s toolset, Winter Vivern remains a significant threat to organizations in Europe.