China-Aligned Threat Exploits Roundcube Flaws in University Mail Servers
Suspected China-aligned actors are exploiting critical security flaws in the Roundcube webmail software to siphon credentials and gain persistent access to university email systems. This sophisticated attack chain utilizes a sequence of vulnerabilities and tools, including XSS and post-authenticated RCE flaws, to establish a foothold on mail servers.
A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign.
The activity involves the exploitation of now-patched, critical security flaws in the open-source email solution, such as CVE-2024-42009 (CVSS score: 9.3), to siphon credentials,
*** END OF TRANSMISSION ***