China‑Aligned Cluster Exploits Roundcube Mail Servers
🔒 New research from Proofpoint identified a suspected China-aligned cluster, tracked as UNK_MassTraction, exploiting vulnerable Roundcube webmail instances at US and Canadian universities. The attackers targeted physics and engineering departments using known Roundcube vulnerabilities to steal credentials, deploy webshells and establish persistent access. The campaign leveraged malicious JavaScript (IceCube) and exploited CVE-2025-49113 to load the VShell backdoor in memory, enabling lateral movement and espionage-focused intrusions.
