www.infosecurity-magazine.com 7/7/2026, 4:16:18 PM · external

China linked hackers hit US Canada universities via Roundcube

China linked hackers hit US Canada universities via Roundcube
CyberSIXT Evidence Panel
Primary Source proofpoint.com
CISA KEV Listed in KEV
Patch Patch Available
Threat Actor
UNK_MassTraction

A China-aligned threat group, identified as UNK_MassTraction, has been exploiting vulnerable Roundcube mail servers at universities in the US and Canada. The attackers are targeting physics and engineering departments potentially linked to national security. Utilizing known vulnerabilities, they gained access to mail servers for credential theft and further network infiltration rather than just email data theft.

The campaign includes phishing emails with malicious content exploiting a cross-site scripting vulnerability (CVE-2024-42009). They deployed a JavaScript payload, IceCube, for stealing authentication data and used various techniques, including server-side exploitations and webshell installations. Notably, they installed the VShell backdoor for continued access, indicating an espionage motive. Proofpoint advises enhanced security measures for mail servers, likening their importance to that of VPNs and remote access nodes.

View Primary Source Via www.infosecurity-magazine.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline