Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

"'The ultimate goal of this operation is to steal confidential data from specific email accounts,' ESET researcher Matthieu Faou said in a report."
"Operation RoundPress' ties to APT28 stem from overlaps in the email address used to send the spear-phishing emails and similarities in the way certain servers were configured."
ESET has identified a Russian-linked cyber espionage campaign named Operation RoundPress, attributed to APT28, targeting webmail servers like Roundcube and MDaemon. The operation, which began in 2023, exploits XSS vulnerabilities, including a zero-day in MDaemon. Targeting primarily governmental and defense entities in Eastern Europe, its reach has extended globally to include victims in Africa, Europe, and South America. APT28 has a history of exploiting email software vulnerabilities, and evidence indicates overlaps in phishing tactics between concurrent threat actor campaigns.
Read at The Hacker News