Operation RoundPress: Sednit Weaponizes XSS to Breach Global Webmail Servers

ESET researchers uncovered Operation RoundPress, a covert cyberespionage campaign targeting vulnerable webmail platforms through XSS attacks, primarily attributed to the Sednit group. The operation aims to steal sensitive emails and data from government and defense organizations worldwide.
Affected: government and defense organizations, webmail services.

Keypoints

  • Operation RoundPress is a cyberespionage campaign targeting webmail vulnerabilities.
  • The campaign is attributed with medium confidence to the Russia-aligned Sednit (APT28) group.
  • It exploits known and zero-day XSS vulnerabilities to inject spyware payloads called SpyPress.
  • Victims include governmental, military, and defense organizations across multiple countries.
  • Organizations with outdated webmail systems are highly vulnerable and should urgently apply patches and conduct security audits.

Read More: https://securityonline.info/operation-roundpress-sednit-weaponizes-xss-to-breach-global-webmail-servers/