A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware.
The campaign has been observed since May and focuses on physics and engineering departments, administrators and professors, as well as organizations involved in astrophysics, particle physics, or national security-related research.
Researchers at cybersecurity company Proofpoint are tracking the activity under the name ‘UNK_MassTraction’ and believe to be associated with a new threat cluster.
