TEMP_Heretic

MISP

Type:
Unknown

Country:
CN

First seen:
Unknown

Details:

TEMP_Heretic is a threat actor that has been observed engaging in targeted spear-phishing campaigns. They exploit vulnerabilities in email platforms, such as Zimbra, to exfiltrate emails from government, military, and media organizations. They use multiple outlook.com email addresses and manually craft content for each email before sending it.

References (2)

welivesecurity.com - Mass Spreading Campaign Targeting Zimbra Users
volexity.com - Operation Emailthief Active Exploitation Of Zero Day Xss Vulnerability In Zimbra

Metadata

ID:	520
Created:	13/01/2026 17:48
Updated:	09/03/2026 16:00