New: Threat Exposure Validation Impact Report 2025
Learn More
Join our Summer Webinar Series on Threat Exposure Validation
Register Now
Come meet us at Black Hat USA 2025 | Booth 1640
Book a Meeting

Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

August 18, 2022

Cyber threat actors may be targeting unpatched ZCS instances in both government and private sector networks.

CISA and the MS-ISAC strongly urge users and administrators to apply the guidance in the Recommendations section of this CSA to help secure their organization's systems against malicious cyber activity.

CISA and the MS-ISAC encourage organizations who did not immediately update their ZCS instances upon patch release, or whose ZCS instances were exposed to the internet, to assume compromise and hunt for malicious activity using the third-party detection signatures in the Detection Methods section of this CSA.

Organizations that detect potential compromise should apply the steps in the Incident Response section of this CSA.