Group tracked since 2021 exploits unpatched Zimbra servers to hack email accounts.
The campaign uses malicious JavaScript that’s customized for individual webmail portals belonging to various NATO-aligned organizations, researchers from security firm Proofpoint said.
