Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities
ID: a91cf78b-9a73-5154-9e1f-ba2c12964a82
STIX ID: report--a91cf78b-9a73-5154-9e1f-ba2c12964a82
Feed Name: CyberScoop
Proofpoint researchers observed a China-aligned espionage campaign (UNK_MassTraction) targeting U.S. and Canadian universities—primarily physics and engineering departments—by chaining two critical Roundcube vulnerabilities (CVE-2024-42009 and CVE-2025-49113). Attackers delivered simple email lures that required only opening a message to trigger a browser-based exploit and then gain mailserver access, enabling persistent access via webshells, backdoors and VShell; fewer than ten victims were confirmed but researchers estimate more institutions may be impacted and the campaign is ongoing.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
