www.proofpoint.com
Chinese Espionage Targets Universities via Roundcube Exploits
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A China-aligned threat group exploited vulnerabilities in Roundcube to infiltrate U.S. and Canadian universities, particularly targeting physics and engineering departments. The campaign, tracked as UNK_MassTraction, began in May 2026 and utilized CVE-2024-42009 to execute JavaScript in victims' browsers and CVE-2025-49113 to gain access to mail servers. Less than 10 universities have confirmed breaches, but many more may be affected. The attackers employed generic email lures to initiate the exploit, which only required victims to open the emails. The operation aims to steal sensitive data and establish long-term access via webshells and backdoors. Researchers noted the use of a covert network linked to multiple China-aligned groups and the presence of Chinese language artifacts in the phishing emails. The campaign is ongoing, with many victims potentially unaware of the attacks.
Key Points: • China-aligned attackers exploited Roundcube vulnerabilities targeting university departments. • The campaign, UNK_MassTraction, began in May 2026 and is still ongoing. • Less than 10 universities confirmed breaches, but many more may be impacted.