www.proofpoint.com
Chinese Threat Group Exploits Roundcube Vulnerabilities in University Networks
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A suspected China-aligned threat group, tracked as UNK_MassTraction, has been exploiting vulnerabilities in Roundcube mail servers at U.S. and Canadian universities since May 2026. The campaign targets physics and engineering departments linked to national security, using phishing emails to exploit CVE-2024-42009, a cross-site scripting vulnerability. This allows attackers to execute JavaScript in victims' browsers, leading to credential theft and network access via CVE-2025-49113, a deserialization vulnerability. Proofpoint identified less than 10 confirmed victims but estimates that dozens of universities may be affected. The attackers employed generic lures in emails to trigger the initial access, indicating a broader targeting strategy. The campaign is ongoing, with researchers warning that many victims may remain unaware of the compromises.
Key Points: • Suspected China-aligned group UNK_MassTraction exploits Roundcube vulnerabilities. • Targeted departments include physics and engineering at U.S. and Canadian universities. • Attackers use phishing emails to exploit CVE-2024-42009 and CVE-2025-49113 for credential theft.