Operation RoundPress targets webmail software to steal secrets from email accounts belonging primarily to governmental organizations in Ukraine and defense contractors in the EU
15 May 2025
ESET researchers have discovered a cyberespionage operation that abuses cross-site scripting (XSS) vulnerabilities, including a zero-day XSS flaw in MDaemon webmail software, to steal confidential information from specific email accounts belonging to officials working for various governmental organizations in Ukraine and defense contractors in Europe and on other continents.
Operation RoundPress, so nicknamed by ESET, is most likely the work of the Russia-aligned Sednit APT group, which first took aim at Roundcube but later expanded its targeting to other webmail software, including Horde, MDaemon, and Zimbra. In some cases, the attackers even circumvented two-factor authentication (2FA).
What else is there to know about the operation's tactics, techniques, and procedures? Learn from ESET Chief Security Evangelist Tony Anscombe in the video and make sure to read the full blogpost.