Operation RoundPress targets webmail software to steal secrets from email accounts belonging primarily to governmental organizations in Ukraine and defense contractors in the EU
15 May 2025
ESET researchers have found a cyberespionage operation that abuses cross-site scripting (XSS) vulnerabilities, including a zero-day XSS flaw in MDaemon webmail software, to steal confidential information from specific email accounts belonging to officials working for various governmental organizations in Ukraine and defense contractors in Europe and on other continents.
Operation RoundPress, so nicknamed by ESET, is most likely the work of the Russia-aligned Sednit APT group, which first took aim at Roundcube but later expanded its targeting to other webmail software, including Horde, MDaemon, and Zimbra. In some cases, the attackers even circumvented two-factor authentication (2FA).
What else is there to know about the operation's tactics, techniques, and procedures? Learn from ESET Chief Security Evangelist Tony Anscombe in the video and make sure to read the full blogpost.