Threat Intelligence Report

Operation GhostMail: Russian APT Exploits Zimbra XSS to Target Ukraine Government

📅 March 17, 2026 📰 www.seqrite.com 🔍 1 CVE(s) referenced

A Russian state-sponsored APT exploited a novel Zimbra webmail XSS vulnerability via a weaponized HTML email, enabling full browser-session hijack and stealthy credential and mailbox theft from a Ukrainian government agency without attachments, links, or traditional malware.

vendor

CVE-2025-66376

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle