securityonline.info 7/13/2026, 6:22:25 PM · external

UNK_MassTraction Exploits Roundcube Webmail to Hit University Physics Departments

UNK_MassTraction Exploits Roundcube Webmail to Hit University Physics Departments
Developing story campaign 2 articles tracked
Roundcube Webmail flaws exploited to target university physics departments
CyberSIXT Evidence Panel
Primary Source proofpoint.com
CISA KEV Listed in KEV
Patch Patch Available
Threat Actor
UNK_MassTraction

THE UNK_MassTraction, a suspected China-aligned espionage group, has been exploiting vulnerabilities in Roundcube webmail to infiltrate physics and engineering departments at select US and Canadian universities since May 2026. The attacks, which have targeted fewer than 10 confirmed victims, involve credential theft, deploying webshells, and using the VShell backdoor.

The infection process begins with a phishing email that exploits known vulnerabilities (CVE-2024-42009 and CVE-2025-49113) to execute malicious JavaScript, steal login information using a tool called IceCube, and install a webshell named SquareShell. Efforts have been made to conceal the campaign's ties to China, but indicators point to a potential linkage to previous Chinese exploitation techniques.

Recommendations for protection include patching affected software, enhancing security measures against spoofed emails, and monitoring for unusual activities on mail servers.

View Primary Source Via securityonline.info

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline