By Interestana AI Editorial — AI-drafted, human-overseen. How we report
Hackers Exploit Roundcube Flaw at Universities
A China-linked threat cluster has been actively exploiting a vulnerability in Roundcube webmail servers, targeting academic institutions in the United States and Canada. The attackers are leveraging this flaw to gain unauthorized access to sensitive information, including user credentials. This campaign aims to facilitate further intrusion and data exfiltration from these educational organizations.
Researchers at Mandiant, part of Google Cloud, identified the exploitation of a specific vulnerability within the Roundcube webmail application. The threat actors are using this exploit to deploy a backdoor, allowing them to maintain persistent access to compromised systems. This backdoor enables the attackers to conduct further reconnaissance and potentially move laterally within the victim's network. The primary objective appears to be the theft of credentials, which can then be used to access other systems or services.
The identified threat cluster, tracked by Mandiant as UNC3944, has a history of targeting organizations with sophisticated phishing and exploitation techniques. Their focus on academic institutions suggests a potential interest in intellectual property, research data, or the credentials of individuals associated with these universities. The group's methods involve both exploiting known vulnerabilities and employing social engineering tactics to trick users into revealing sensitive information.
Mandiant's analysis indicates that the exploitation of Roundcube servers is part of a broader campaign by UNC3944. The group has been observed deploying various types of malware and backdoors to achieve their objectives. The specific vulnerability being exploited in Roundcube allows for remote code execution, a critical weakness that enables the attackers to gain a foothold on the server. The ongoing nature of this campaign underscores the persistent threat posed by nation-state-backed actors to academic and research communities worldwide.
Original source — read the full reporting at the publisher:
Read on BleepingComputerGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.