Fancy Bear’s Roundcube Rumble: Russian Hackers Spice Up Global Espionage with Mail Server Mayhem!

Beware of Operation RoundPress! APT28, also known as Fancy Bear, is exploiting XSS vulnerabilities in mail servers. These cyber tricksters have been injecting malicious JavaScript to steal credentials from unsuspecting government and defense entities worldwide. Keep your webmail secure, or you might just get a surprise email from Russia, with love.

Hot Take:

Looks like APT28, aka the “Fancy Bear” of cybercrime, is back on its perennial honey pot hunt—this time, it’s mail servers on the chopping block. They’ve been exploiting XSS vulnerabilities like it’s Black Friday, targeting government and defense entities across the globe. If these mail servers had a Yelp page, they’d be one star and a warning: “Beware—Fancy Bears crossing!”

Key Points:

  • APT28, a Russian state-sponsored group, is exploiting XSS vulnerabilities in mail servers.
  • The campaign, “Operation RoundPress,” targets vulnerable webmail systems like Roundcube, Horde, MDaemon, and Zimbra.
  • Victims’ webmail pages are injected with malicious JavaScript to steal credentials and exfiltrate data.
  • Key vulnerabilities exploited include CVE-2020-35730 and CVE-2023-43770.
  • The attacks mainly target entities associated with the conflict in Ukraine but extend to other regions too.
