Dossier
Roundcube
Coverage of Roundcube in the Nexus archive.
China-linked threat clusterorganization1U.S. universitiesplace1Canadian universitiesplace1backdoor malwaretopic1Proofpointorganization1Greg Lesnewichperson1UNK_MassTractionorganization1CVE-2024-42009topic1CVE-2025-49113topic1U.S. and Canadian universitiesplace1physics and engineering departmentstopic1
- Hackers exploit Roundcube flaw to spy on academic researchers
Hackers linked to China are exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware, targeting academic researchers.
- Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities
China-aligned attackers exploited Roundcube vulnerabilities to breach U.S. and Canadian university networks, targeting physics and engineering departments to steal data and establish persistent access. The campaign, linked to the UNK_MassTraction cluster, used CVE-2024-42009 and CVE-2025-49113 to execute JavaScript and gain mailserver access via phishing emails.