The Russian state-sponsored group APT28 is actively exploiting XSS vulnerabilities in mail servers worldwide to conduct espionage campaigns, targeting government and defense organizations. Their operations involve injecting malicious scripts to steal credentials, contacts, and messages, often bypassing security measures.
Affected: government and defense entities, webmail servers (Roundcube, Horde, MDaemon, Zimbra).
Key points
- APT28 is a Russian hacking group known for targeted espionage campaigns since 2004.
- They exploit Cross-Site Scripting (XSS) vulnerabilities in popular webmail servers to infect victims.
- The attacks primarily involve injecting malicious JavaScript to steal sensitive data and contacts.
- Operations like RoundPress have expanded to multiple mail server platforms in 2023 and 2024.
- High-profile targets include Ukrainian government, defense companies in Bulgaria and Romania, and other international entities.
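As an added example (not from the article, and not code from any of the webmail projects named above), the following triage scanner flags the HTML constructs that script injection into a rendered mail body depends on: inline event handlers, script and frame tags, and script-scheme URLs. The mail bodies are constructed samples; the output is a list of reasons a message should be quarantined or re-sanitized before rendering, not a replacement for the webmail's own sanitizer.

```python
from html.parser import HTMLParser
import re

# Attribute names like onerror/onload execute script when the element renders.
INLINE_HANDLER = re.compile(r"^on[a-z]+$", re.IGNORECASE)
# Tags that should never reach a webmail viewer from an untrusted sender.
DANGEROUS_TAGS = {"script", "iframe", "object", "embed"}
# URL schemes that execute script when followed or loaded.
SCRIPT_URL = re.compile(r"^\s*(javascript|data):", re.IGNORECASE)


class XssIndicatorParser(HTMLParser):
    """Collects reasons an HTML mail body must not be rendered as-is."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values may be None.
        if tag in DANGEROUS_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:
            if INLINE_HANDLER.match(name):
                self.findings.append(f"handler:{tag}.{name}")
            elif name in ("src", "href", "action") and value and SCRIPT_URL.match(value):
                self.findings.append(f"url:{tag}.{name}")


def scan_mail_body(html: str) -> list:
    """Return the list of XSS indicators found in one HTML mail body."""
    parser = XssIndicatorParser()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample bodies (hypothetical, not captured from any campaign).
BENIGN_MAIL = '<p>Hi, see the <a href="https://example.org/report">report</a>.</p>'
SUSPICIOUS_MAIL = (
    '<p>Invoice attached.</p>'
    '<img src="x" onerror="void 0">'
    '<svg onload="void 0"></svg>'
    '<a href="javascript:void 0">open</a>'
    '<script>/* script body omitted */</script>'
)

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_MAIL), ("suspicious", SUSPICIOUS_MAIL)):
        print(label, scan_mail_body(body))
```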