Chinese espionage group exploits Roundcube flaws to target US and Canadian universities

Chinese espionage group exploits Roundcube webmail vulnerabilities to target US and Canadian universities

CSBadmin
1 Min Read

A suspected Chinese espionage group exploited a chain of Roundcube webmail vulnerabilities to burrow into university email systems in the United States and Canada, security researchers at Proofpoint have disclosed.

The campaign targeted university research departments specializing in sensitive technologies, using the Roundcube exploit chain to steal email credentials and monitor communications. The attackers deployed a sophisticated multi-stage attack that first exploited a cross-site scripting vulnerability to deliver a session hijacking payload, then used the compromised sessions to exfiltrate emails from targeted researchers. The campaign has been active since late 2025 and demonstrates the continued focus of Chinese state-sponsored groups on academic research institutions.

Universities are particularly vulnerable to this type of cyber espionage because their open email systems and collaborative culture make it difficult to restrict communication while the valuable intellectual property and research data they hold make them attractive targets. Proofpoint has shared indicators of compromise with affected institutions and recommends that all universities using Roundcube apply the latest security patches and enable multi-factor authentication for email access.

HTMLEOF

CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.