China-aligned hackers exploited critical vulnerabilities in Roundcube to access U.S. and Canadian university email systems. This tactic highlights risks for institutions linked to national security and advanced scientific research, as the attackers utilize phishing and XSS exploits to siphon credentials.
A suspected threat group linked to China has been observed exploiting vulnerabilities in Roundcube webmail software. This activity targets administrators and professors in physics and engineering departments of universities in the U.S. and Canada, taking advantage of critical security flaws like CVE-2024-42009.
The attack exploits now-patched vulnerabilities, including a cross-site scripting (XSS) flaw that only requires victims to open the email in Roundcube. The exploitation allows attackers to execute arbitrary JavaScript code in the context of the victim's browser.
The targeted departments were running versions of Roundcube vulnerable to N-day security flaws, suggesting preparatory reconnaissance was conducted before the phishing campaign. Attackers used compromised sender emails and exploited lax DMARC policies to send malicious emails.
The exploit's payload, codenamed IceCube, collects sensitive information, including user credentials, two-factor authentication data, and cookies. The harvested data is relayed to an external system, presenting significant risks for the affected institutions.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
China-aligned hackers exploited critical vulnerabilities in Roundcube to access U.S. and Canadian university email systems. This tactic highlights risks for institutions linked to national security and advanced scientific research, as the attackers utilize phishing and XSS exploits to siphon credentials.