Hackers with suspected connections to China have launched cyberattacks against universities by taking advantage of security flaws in Roundcube, a popular web-based email system. Security researchers discovered that these attackers are using the email software vulnerabilities to break into university computer systems and spy on academic researchers.
Roundcube is an open-source email program that many organizations use because it allows people to access their email through a web browser. When security weaknesses are found in software like Roundcube, hackers can exploit them to gain unauthorized access to computers and steal information. In this case, the attackers are specifically targeting academic institutions, suggesting they may be interested in research data or intellectual property.
The same group of hackers appears to be using multiple attack strategies. Beyond targeting universities through email software flaws, cybersecurity researchers have identified the group deploying malware called DcRAT through a fake Indian tax filing utility. This deceptive tactic involves creating a fraudulent tax software tool that appears legitimate but secretly installs harmful software on a victim's computer. When someone downloads and runs what they believe is a genuine tax filing program, they actually install malware that gives hackers remote access to their computer.
DcRAT is a type of malware known as a remote access trojan. Once installed, it allows hackers to control an infected computer from a distance, giving them the ability to steal files, monitor activity, and gather sensitive information. This type of attack is particularly dangerous because victims may not realize their computers have been compromised.
The discovery of these interconnected attacks demonstrates how sophisticated threat groups can be in their operations. By using multiple methods—exploiting software vulnerabilities and creating fake utilities—the attackers increase their chances of successfully infiltrating target organizations. Universities are attractive targets because they often conduct cutting-edge research, store valuable intellectual property, and maintain connections with government agencies and private companies.
Cybersecurity experts recommend that universities and other organizations immediately update their Roundcube installations to patch known security vulnerabilities. They also advise users to be cautious when downloading software, verify that applications come from legitimate sources, and maintain strong cybersecurity practices. Organizations should monitor their systems for suspicious activity and ensure their security software is current and detecting known malware threats.