Global Russian Hacking Campaign Steals Data From Government Agencies
- Since 2023, the Russian state-sponsored hacking group Fancy Bear has conducted a cyberespionage campaign stealing emails from government agencies worldwide using webmail vulnerabilities.
- This campaign, dubbed RoundPress, exploits zero-day and n-day cross-site scripting flaws in popular webmail software like Roundcube, MDaemon, Horde, and Zimbra to gain unauthorized access.
- The attack begins with spear-phishing emails referencing current political news, embedding malicious JavaScript that executes upon opening to steal email contents, contacts, and two-factor authentication credentials.
- ESET researchers identified at least 17 victim organizations across Ukraine, Greece, Serbia, Cameroon, Ecuador, Bulgaria, and Romania, including governments, military units, defense contractors, and critical infrastructure companies.
- The campaign’s ongoing nature and continuous discovery of new vulnerabilities suggest persistent efforts by Fancy Bear to gather intelligence on Ukrainian defense supply chains and related geopolitical targets.
13 Articles
Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers
Fancy Bear, the hacking group linked to Russia’s Main Intelligence Directorate (GRU), has been targeting the email accounts of high-ranking Ukrainian officials as well as executives at defense contractors located in other countries who sell weapons and equipment to Kyiv, according to new research from ESET. The campaign, ongoing since at least 2023, has taken advantage of spearphishing and cross-site scripting vulnerabilities in different webmai…
Global Russian hacking campaign steals data from government agencies - WorldNL Magazine
ESET uncovers a major cyber-espionage campaign. It was attributed to APT28, AKA Fancy Bear. The campaign leveraged multiple n-day and zero-day flaws. For years now, Russian state-sponsored threat actors have been eavesdropping on email communications from governments across Eastern Europe, Africa, and Latin America. A new report from cybersecurity researchers ESET has found that the crooks were ab…
Sednit group's 'Operation RoundPress' targets webmail servers globally
While most of the victims are based overseas, security pros say it’s plausible the group will also target North America.
Sednit abuses XSS flaws to hit gov’t entities, defense companies
15 May 2025, www.welivesecurity.com: Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU. ESET researchers have discovered a cyberespionage operation that abuses cross-site scripting (XSS) vulnerabilities, including a zero-day…
Coverage Details
Bias Distribution
- 100% of the sources are Center