ESET uncovers Operation RoundPress targeting webmail software to steal secrets from governmental organizations in Ukraine and defense contractors in the EU
Published on: 15 May 2025
ESET researchers have uncovered a cyberespionage campaign known as Operation RoundPress. This operation exploits cross-site scripting (XSS) vulnerabilities, including a zero-day XSS flaw in MDaemon webmail software, to extract confidential information from specific email accounts associated with officials from governmental organizations in Ukraine and defense contractors across Europe and beyond.
ESET named the operation RoundPress; it is believed to be orchestrated by the Sednit APT group, which has ties to Russia. The attackers initially focused on Roundcube and later broadened their scope to other webmail software such as Horde, MDaemon, and Zimbra. In some instances, they managed to bypass two-factor authentication (2FA).
To delve deeper into the tactics, techniques, and procedures employed in this operation, watch the informative video featuring ESET’s Chief Security Evangelist Tony Anscombe and explore the complete blog post for further insights.