OTX Bot<p>Operation RoundPress targeting high-value webmail servers</p><p>ESET researchers have uncovered a Russia-aligned espionage operation named RoundPress, targeting high-value webmail servers through XSS vulnerabilities. The campaign, attributed to the Sednit group, aims to steal confidential data from specific email accounts. Initially focused on Roundcube in 2023, the operation expanded to include Horde, MDaemon, and Zimbra in 2024. The attackers exploit various vulnerabilities, including a zero-day in MDaemon, to inject malicious JavaScript code into victims' webmail pages. Targets include governmental entities and defense companies in Eastern Europe, with some victims in Africa, Europe, and South America. The malware, known as SpyPress, can steal webmail credentials, exfiltrate contacts and email messages, and in some cases, bypass two-factor authentication.</p><p>Pulse ID: 6829772f15beb81385e3cc8d<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6829772f15beb81385e3cc8d" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68297</span><span class="invisible">72f15beb81385e3cc8d</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-05-18 05:59:11</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/Africa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Africa</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/ESET" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ESET</span></a> <a href="https://social.raytec.co/tags/EasternEurope" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EasternEurope</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/Espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Espionage</span></a> <a href="https://social.raytec.co/tags/Europe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Europe</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Java</span></a> <a href="https://social.raytec.co/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JavaScript</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> <a href="https://social.raytec.co/tags/SouthAmerica" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SouthAmerica</span></a> <a href="https://social.raytec.co/tags/Webmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Webmail</span></a> <a href="https://social.raytec.co/tags/XSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XSS</span></a> <a href="https://social.raytec.co/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZeroDay</span></a> <a href="https://social.raytec.co/tags/Zimbra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zimbra</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>