Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities

Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities
China-aligned attackers breached U.S. and Canadian university networks to steal sensitive data and maintain persistent access through webshells and backdoors. The campaign targeted physics and engineering departments and used Roundcube flaws CVE-2024-42009 and CVE-2025-49113 to gain access, with evidence pointing to the threat cluster UNK_MassTraction and the use of VShell. #UNK_MassTraction #Roundcube #VShell #CVE-2024-42009 #CVE-2025-49113

Keypoints

  • China-aligned attackers infiltrated U.S. and Canadian university networks.
  • The campaign focused on physics and engineering departments with national security ties.
  • Researchers found less than 10 confirmed victims, with more universities possibly affected.
  • Attackers chained Roundcube vulnerabilities CVE-2024-42009 and CVE-2025-49113 to steal credentials and gain access.
  • The threat cluster used webshells, backdoors, and VShell to maintain long-term persistence.

Read More: https://cyberscoop.com/china-espionage-attacks-us-canada-universities-proofpoint/