Operation RoundPress
APT28 ongoing campaign exploiting XSS vulnerabilities in webmail platforms including Roundcube, Horde, MDaemon and Zimbra to steal credentials from Ukrainian defence officials, government entities and NATO-aligned contractors. Includes exploitation of CVE-2024-11182 as a zero-day.
Start date
1 January 2023
End date
—
Techniques
0
Indicators of compromise
No IOCs linked to this campaign yet.