CyberSecurity news
FlagThis
Field Effect@Blog
//
A Russia-aligned espionage operation, dubbed Operation RoundPress, has been discovered by ESET researchers. The operation targets webmail software to steal secrets from email accounts, primarily those belonging to governmental organizations in Ukraine and defense contractors in the EU. The Sednit group, also known as APT28 and Fancy Bear, is suspected to be behind the attacks, leveraging spear-phishing emails that exploit XSS vulnerabilities to inject malicious JavaScript code into targeted webmail pages.
The attackers initially targeted Roundcube, but later expanded their reach to include other webmail software such as Horde, MDaemon, and Zimbra. The operation exploits security holes in webmail software to target Ukrainian governmental entities and defense companies in Eastern Europe. Some attacks have even circumvented two-factor authentication, demonstrating the sophistication of the operation and the challenges it poses to threat detection and response mechanisms.
While most of the victims are currently based overseas, security experts suggest that North American entities, particularly those in government, defense, and critical infrastructure sectors, could also be targeted. The group's ability to exploit both known and zero-day vulnerabilities across multiple platforms, coupled with the ability to adapt payloads to specific targets, underscores the need for organizations using vulnerable webmail platforms to remain vigilant. According to experts the hackers are able to steal credentials, emails and contacts without persistent malware installation.
References :
The attackers initially targeted Roundcube, but later expanded their reach to include other webmail software such as Horde, MDaemon, and Zimbra. The operation exploits security holes in webmail software to target Ukrainian governmental entities and defense companies in Eastern Europe. Some attacks have even circumvented two-factor authentication, demonstrating the sophistication of the operation and the challenges it poses to threat detection and response mechanisms.
While most of the victims are currently based overseas, security experts suggest that North American entities, particularly those in government, defense, and critical infrastructure sectors, could also be targeted. The group's ability to exploit both known and zero-day vulnerabilities across multiple platforms, coupled with the ability to adapt payloads to specific targets, underscores the need for organizations using vulnerable webmail platforms to remain vigilant. According to experts the hackers are able to steal credentials, emails and contacts without persistent malware installation.
Share:
References :
- Virus Bulletin: ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers with spear-phishing emails leveraging an XSS vulnerability. Most of the victims are government entities and defence companies in Eastern Europe.
- www.scworld.com: While most of the victims are based overseas, security pros say it’s plausible the group will also target North America.
- WeLiveSecurity: Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU
Classification:
- HashTags: #Espionage #Webmail #Cybersecurity
- Company: ESET
- Target: Government Entities, Defence Companies
- Attacker: Sednit
- Product: Webmail Servers
- Feature: XSS Vulnerability
- Type: Espionage
- Severity: Medium