logo

Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities

ID: a91cf78b-9a73-5154-9e1f-ba2c12964a82

STIX ID: report--a91cf78b-9a73-5154-9e1f-ba2c12964a82

Feed Name: CyberScoop

Threat Score
84/100

Date Published: 2026-07-07

Date Updated: 2026-07-07

Author: Matt Kapko

...
...

Proofpoint researchers observed a China-aligned espionage campaign (UNK_MassTraction) targeting U.S. and Canadian universities—primarily physics and engineering departments—by chaining two critical Roundcube vulnerabilities (CVE-2024-42009 and CVE-2025-49113). Attackers delivered simple email lures that required only opening a message to trigger a browser-based exploit and then gain mailserver access, enabling persistent access via webshells, backdoors and VShell; fewer than ten victims were confirmed but researchers estimate more institutions may be impacted and the campaign is ongoing.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.