Sednit abuses XSS flaws to hit gov't entities, defense companies

11 months ago 97
Emergency Loans for business funding and personal get updated jobs at bestpiecejob.co.za Work From Home - Earn Something By Just Working At Home

Video

Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU

Editor

15 May 2025

ESET researchers have discovered a cyberespionage operation that abuses cross-site scripting (XSS) vulnerabilities, including a zero-day XSS flaw in MDaemon webmail software, to steal confidential information from specific email accounts belonging to officials working for various governmental organizations in Ukraine and defense contractors in Europe and on other continents.

Operation RoundPress, so nicknamed by ESET, is most probably the work of the Russia-aligned Sednit APT group, who first took aim at Roundcube, but later expanded its targeting to other webmail software, including Horde, MDaemon, and Zimbra. In some cases, the attackers even circumvented two-factor (2FA) authentication.

What else is there to know about the operation’s tactics, techniques, and procedures? Learn from ESET Chief Security Evangelist Tony Anscombe in the video and make sure to read the full blogpost.

Connect with us on Facebook, XLinkedIn and Instagram.

Let us keep you
up to date

Sign up for our newsletters

Read Entire Article
  1. Homepage
  2. International
  3. Sednit abuses XSS flaws to hit gov't entities, defense companies

Related

How NIST's Cutback of CVE Handling Impacts Cyber Teams

How NIST's Cutback of CVE Handling Impacts Cyber Teams

2 hours ago 0
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

2 hours ago 0
Every Old Vulnerability Is Now an AI Vulnerability

Every Old Vulnerability Is Now an AI Vulnerability

7 hours ago 5
Coast Guard's New Cybersecurity Rules Offers Lessons for CISOs

Coast Guard's New Cybersecurity Rules Offers Lessons for CIS...

8 hours ago 5
Singer loses life savings to fake wallet downloaded from the Apple App Store

Singer loses life savings to fake wallet downloaded from the...

10 hours ago 12
Here's What Agentic AI Can Do With Have I Been Pwned's APIs

Here's What Agentic AI Can Do With Have I Been Pwned's APIs

22 hours ago 6
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities

NIST Revamps CVE Framework to Focus on High-Impact Vulnerabi...

1 day ago 6
North Korea Uses ClickFix to Target macOS Users' Data

North Korea Uses ClickFix to Target macOS Users' Data

1 day ago 9
'Harmless' Global Adware Transforms Into an AV Killer

'Harmless' Global Adware Transforms Into an AV Killer

1 day ago 8
Sometimes changing the password on your email mailbox isn’t enough

Sometimes changing the password on your email mailbox isn’t ...

1 day ago 11
Emergency Loans for business funding and personal Work From Home - Earn Something By Just Working At Home buy or sell