Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

Source: The Hacker News
Published: 2025-05-15 10:05
Fetched: 2025-05-15 10:43

Summary

A cyber espionage operation attributed to the Russia-linked group APT28 has targeted government webmail servers through cross-site scripting (XSS) vulnerabilities. The attackers exploited a zero-day vulnerability in MDaemon, along with flaws in other webmail platforms, namely Roundcube, Horde, and Zimbra. Dubbed Operation RoundPress by ESET, the campaign began in 2023 and illustrates the persistent threat posed by state-sponsored cyber activity. The use of zero-day vulnerabilities underscores the need for timely patch management and robust security measures to protect sensitive government communications, and the incident is a stark reminder of the evolving tactics threat actors use to compromise critical infrastructure.

LinkedIn Post

Russia-linked APT28 exploited a zero-day in MDaemon to hack government webmail servers. Operation RoundPress highlights the need for robust security measures against state-sponsored cyber threats. #CyberSecurity #APT28 #ZeroDay #WebmailSecurity

Content

A cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, has been attributed to a Russia-linked threat actor, according to new findings from ESET. The activity, which commenced in 2023, has been codenamed Operation RoundPress by the Slovak cybersecurity company. It has