Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

Summary

Suspected China-aligned hackers are exploiting critical, now-patched, vulnerabilities in Roundcube webmail software to target U.S. and Canadian university departments. The attackers aim to steal credentials by exploiting flaws such as CVE-2024-42009.

IFF Assessment

FOE

The exploitation of vulnerabilities by a sophisticated threat actor to steal credentials represents a direct threat to organizations and individuals.

Severity

9.3 Critical

The CVSS score of 9.3 indicates a critical vulnerability, likely due to its high attack vector (e.g., network exploitable), high complexity and low user interaction required, and significant impact on confidentiality, integrity, and availability.

CISA KEV: Listed as actively exploited. Federal patch due: June 30, 2025. Known ransomware use: Unknown.

Defender Context

This incident highlights the continued threat posed by nation-state actors targeting academic institutions, particularly through exploited web application vulnerabilities. Defenders should prioritize patching known vulnerabilities in widely used software like Roundcube and implement robust credential monitoring and multi-factor authentication to mitigate the risk of such attacks.

Read Full Story →