Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers
Briefly

ESET has identified a Russia-linked cyber espionage campaign named Operation RoundPress, attributed to APT28, that targets webmail servers such as Roundcube and MDaemon. The operation, which began in 2023, exploits XSS vulnerabilities, including a zero-day in MDaemon. Although it primarily targets governmental and defense entities in Eastern Europe, the campaign has also claimed victims in Africa, Europe, and South America. APT28 has a history of exploiting email software vulnerabilities, and evidence indicates overlaps in phishing tactics between concurrent threat actor campaigns.
"The ultimate goal of this operation is to steal confidential data from specific email accounts," ESET researcher Matthieu Faou said in a report.
Operation RoundPress' ties to APT28 stem from overlaps in the email address used to send the spear-phishing emails and similarities in the way certain servers were configured.
Read at The Hacker News