
Russia-Linked APT28 Exploits Webmail Servers in Operation RoundPress
A cyberespionage group linked to Russia, known as APT28, has exploited cross-site scripting (XSS) vulnerabilities in webmail servers such as Roundcube, Horde, MDaemon, and Zimbra, including a zero-day flaw in MDaemon. This operation, dubbed Operation RoundPress by ESET, began in 2023. The attacks targeted governmental webmail servers.