Skip Navigation

Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities in Canada and the U.S.

Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities

Proofpoint researchers said attackers targeted physics and engineering departments, and warn that the campaign is likely ongoing.

China-aligned attackers broke into the networks of U.S. and Canadian universities to steal sensitive data and establish persistent access via webshells and backdoors, Proofpoint threat researchers said Tuesday.

The espionage-motivated attacks targeted physics and engineering departments, focusing on administrators and professors with national security links or organizations researching astrophysics and particle physics.

Proofpoint identified less than 10 university victims and estimates a few dozen universities may be impacted, Greg Lesnewich, principal threat researcher at Proofpoint, told CyberScoop. The company first observed the campaign in May and believes the campaign is ongoing.

“There is a high likelihood that many victims have not been made aware of this activity yet,” Lesnewich added.

...

The engineering aspects do align with China’s strategic initiatives, he added.

...

“China-aligned adversaries have been targeting other types of edge devices such as routers and VPN concentrators for years with various exploits to create a foothold into a target network, not using email for delivery,” Lesnewich said. “This campaign flips that on its head, using email to deliver an exploit chain to compromise a mail server, instead of using email to deliver a credential harvesting URL or malware to target an end user, not a server.”

...

Web Archive link

Comments

0