Latest news with #Horde
Yahoo
21-05-2025
- Yahoo
ESET Research uncovers Operation RoundPress: Russia-aligned Sednit targets entities linked to the Ukraine war to steal confidential data
ESET researchers uncovered the Operation RoundPress espionage campaign, with the Russia-aligned Sednit group most likely behind it. In Operation RoundPress, the compromise vector is a spearphishing email leveraging an XSS vulnerability to inject malicious JavaScript code into the victim's webmail page. It targets Roundcube, Horde, MDaemon, and Zimbra webmail software. Most victims are governmental entities and defense companies in Eastern Europe, although ESET has observed governments in Africa, Europe, and South America being targeted as well. The payloads are able to steal webmail credentials, and exfiltrate contacts and email messages from the victim's mailbox. Additionally, one of the payloads is able to set up a bypass for two-factor authentication.

MONTREAL and BRATISLAVA, Slovakia, May 20, 2025 (GLOBE NEWSWIRE) -- ESET researchers have uncovered a Russia-aligned espionage operation, which ESET named RoundPress, targeting webmail servers via XSS vulnerabilities. Behind it is most likely the Russia-aligned Sednit (also known as Fancy Bear or APT28) cyberespionage group, holding the ultimate goal of stealing confidential data from specific email accounts. Most of the targets are related to the current war in Ukraine; they are either Ukrainian governmental entities or defense companies in Bulgaria and Romania. Notably, some of these defense companies are producing Soviet-era weapons to be sent to Ukraine. Other targets include African, EU, and South American governments. 'Last year, we observed different XSS vulnerabilities being used to target additional webmail software: Horde, MDaemon, and Zimbra. Sednit also started to use a more recent vulnerability in Roundcube, CVE-2023-43770. The MDaemon vulnerability — CVE-2024-11182, now patched — was a zero day, most likely discovered by Sednit, while the ones for Horde, Roundcube, and Zimbra were already known and patched,' says ESET researcher Matthieu Faou, who discovered and investigated Operation RoundPress.

Sednit sends these XSS exploits by email; the exploits lead to the execution of malicious JavaScript code in the context of the webmail client web page running in a browser window. Therefore, only data accessible from the target's account can be read and exfiltrated. In order for the exploit to work, the target must be convinced to open the email message in the vulnerable webmail portal. This means that the email needs to bypass any spam filtering, and the subject line needs to be convincing enough to entice the target into reading the email message — abusing well-known news media such as Ukrainian news outlet Kyiv Post or a Bulgarian news portal. Among the headlines used as spearphishing were: 'SBU arrested a banker who worked for enemy military intelligence in Kharkiv' and 'Putin seeks Trump's acceptance of Russian conditions in bilateral relations'. The attackers unleash several JavaScript payloads upon the targets. Those are capable of credential stealing; exfiltration of the address book, contacts, and log-in history; and exfiltration of email messages. One of them is able to set up a bypass for two-factor authentication protection; it exfiltrates the two-factor authentication secret and creates an app password, which enables the attackers to access the mailbox from a mail application. 'Over the past two years, webmail servers such as Roundcube and Zimbra have been a major target for several espionage groups, including Sednit, GreenCube, and Winter Vivern. Because many organizations don't keep their webmail servers up to date, and because the vulnerabilities can be triggered remotely by sending an email message, it is very convenient for attackers to target such servers for email theft,' explains Faou.

The Sednit group — also known as APT28, Fancy Bear, Forest Blizzard, or Sofacy — has been operating since at least 2004. The U.S. Department of Justice named the group as one of those responsible for the Democratic National Committee (DNC) hack just before the 2016 U.S. elections and linked the group to the GRU. The group is also presumed to be behind the hacking of global television network TV5Monde, the World Anti-Doping Agency (WADA) email leak, and many other incidents. For a more detailed analysis and technical breakdown of Sednit's tools used in Operation RoundPress, check out the latest ESET Research blogpost 'Operation RoundPress'. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.

About ESET
ESET® provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of emerging global cyberthreats, both known and unknown — securing businesses, critical infrastructure, and individuals. Whether it's endpoint, cloud, or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. The ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit our website or follow our social media, podcasts and blogs.

CONTACT: Media contact: Jessica Beffa, Head of PR and Communications, North America, (619) 876-5677


Techday NZ
16-05-2025
- Techday NZ
Russian group Sednit using webmail flaws to target Ukraine allies
ESET researchers have identified an espionage campaign dubbed Operation RoundPress, which targets webmail servers using cross-site scripting (XSS) vulnerabilities and is most likely orchestrated by the Russia-aligned Sednit group. Operation RoundPress leverages spearphishing emails that exploit vulnerabilities in popular webmail platforms, including Roundcube, Horde, MDaemon, and Zimbra, to deliver malicious JavaScript payloads directly into victims' webmail pages. The primary focus of the campaign appears to be governmental entities and defence companies linked to the ongoing conflict in Ukraine. ESET has reported that many of the affected defence companies in Bulgaria and Romania are actively engaged in producing Soviet-era weapons for shipment to Ukraine. ESET's research also notes that other government-related targets span across Africa, the European Union, and South America, highlighting the international reach of the campaign. Matthieu Faou, ESET Researcher, explained the technical nature of the attacks, stating: "Last year, we observed different XSS vulnerabilities being used to target additional webmail software: Horde, MDaemon, and Zimbra. Sednit also started to use a more recent vulnerability in Roundcube, CVE-2023-43770. The MDaemon vulnerability — CVE-2024-11182, now patched — was a zero day, most likely discovered by Sednit, while the ones for Horde, Roundcube, and Zimbra were already known and patched." According to ESET, Sednit sends emails containing XSS exploits, which, once opened by the target in a vulnerable webmail portal, execute malicious JavaScript in the context of the user's session. This technique gives attackers access to only the data available through the compromised account, such as credentials, contacts, and email messages. The success of this form of attack relies on convincing recipients to open the malicious email in their webmail client. 
The spearphishing emails are crafted to evade spam filters and employ credible subject lines mimicking news headlines. ESET's findings identified fake headlines such as: "SBU arrested a banker who worked for enemy military intelligence in Kharkiv" and "Putin seeks Trump's acceptance of Russian conditions in bilateral relations". The emails often cited well-known news outlets like Ukraine's Kyiv Post and a Bulgarian news portal to increase believability. ESET reports that various JavaScript payloads are deployed depending on the targeted platform. These tools are able to steal webmail credentials, exfiltrate contact lists and address books, and access email correspondence. Of particular note, one variant can bypass two-factor authentication protections by extracting the authentication secret and creating an app-specific password, permitting attackers direct mailbox access via a mail application. Faou expanded further on the attackers' motivations and the vulnerabilities exploited, adding: "Over the past two years, webmail servers such as Roundcube and Zimbra have been a major target for several espionage groups, including Sednit, GreenCube, and Winter Vivern. Because many organizations don't keep their webmail servers up to date, and because the vulnerabilities can be triggered remotely by sending an email message, it is very convenient for attackers to target such servers for email theft." The Sednit group, also known as APT28, Fancy Bear, Forest Blizzard, or Sofacy, has a documented history of cyberespionage dating back to at least 2004. The group has been previously named by the U.S. Department of Justice as responsible for the Democratic National Committee breach preceding the 2016 U.S. elections and has links to the GRU, Russia's military intelligence agency. Other high-profile attacks attributed to Sednit include the compromise of TV5Monde and the World Anti-Doping Agency email leak, among other incidents.


India Gazette
02-05-2025
- Politics
- India Gazette
From the Mongols to NATO: Here's the real Russian doctrine
Moscow's global playbook is shaped by history and focused on survival. "Only crows fly straight," goes an old saying from the Vladimir-Suzdal region, where the revival of the Russian state began after the devastation of the Mongol invasion in the 13th century. Within 250 years, a powerful state emerged in Eastern Europe, its independence and decision-making unquestioned by others. From its earliest days, Russia's foreign policy culture has been shaped by a single goal: to preserve the nation's ability to determine its own future. The methods have varied, but a few constants remain: no fixed strategies, no binding ideologies, and an ability to surprise opponents. Unlike European or Asian powers, Russia never needed rigid doctrines; its vast, unpredictable geography - and its instinct for unorthodox solutions - made that unnecessary. Yet this distinctive foreign policy culture did not develop overnight. Before the mid-13th century, Russia's trajectory looked much like the rest of Eastern Europe's. Fragmented and inward-looking, its city-states had little reason to unify. Geography and climate kept them largely self-contained. It could have ended up like other Slavic nations, eventually dominated by German or Turkish powers. But then came what Nikolay Gogol called a "wonderful event": the 1237 Mongol invasion. Russia's strongest state centers were obliterated. This catastrophe, paradoxically, gave rise to two defining features of Russian statehood: a reason to unify and a deep-seated pragmatism. For 250 years, Russians paid tribute to the Golden Horde but were never its slaves. The relationship with the Horde was a constant struggle - clashes alternating with tactical cooperation. It was during this period that the "sharp sword of Moscow" was forged: a state that functioned as a military organization, always blending conflict and diplomacy. War and peace merged seamlessly, without the moral dilemmas that often paralyze others.
These centuries also forged another trait of Russian thinking: the strength of the adversary is irrelevant to the legitimacy of its demands. Unlike the Western Hobbesian notion that might makes right, Russians have historically viewed force as just one factor - not the determinant of truth. A 16th-century song about a Crimean Khan's raid sums it up: he is called both a "tsar" for his military power and a "dog" for lacking justice. Similarly, after the Cold War, Russia recognized Western power - but not the righteousness of its actions. Demographics have always been a challenge, driven by climate and geography. Russia's population did not match that of France until the late 18th century, despite covering an area many times larger than Western Europe. And crucially, Russia has never relied on external allies. Its foreign policy rests on the understanding that no one else will solve its problems - a lesson learned through bitter experience. Yet Russia has always been a reliable ally to others. A pivotal moment came in the mid-15th century, when Grand Duke Vasily Vasilyevich settled Kazan princes on Russia's eastern borders. This marked the beginning of Russia's multi-ethnic statehood, where loyalty - not religion - was the key requirement. Unlike Western Europe, where the church dictated social order, Russia's statehood grew as a mosaic of ethnic and religious groups, all unified by a shared commitment to defense. This pragmatism - welcoming Christians, Muslims, and others alike - set Russia apart. Spain's rulers completed the Reconquista by expelling or forcibly converting Jews and Muslims; Russia integrated its minorities, allowing them to serve and prosper without renouncing their identities. Today, Russia's foreign policy still draws on these deep traditions. Its core priority remains the same: defending sovereignty and retaining freedom of choice in a volatile world. And true to form, Russia resists doctrinaire strategies. 
Fixed doctrines require fixed ideologies - something historically alien to Russia. Russia also rejects the idea of "eternal enemies." The Mongol Horde, once its deadliest foe, was absorbed within decades of its collapse. Its nobles merged with Russian aristocracy, its cities became Russian cities. No other country has fully absorbed such a formidable rival. Even Poland, a centuries-long adversary, was eventually diminished not by decisive battles but by sustained pressure. Victory for Russia has never been about glory - it's about achieving objectives. Often, this means exhausting adversaries rather than crushing them outright. The Mongols were defeated in 1480 without a single major battle. Similarly, Poland was gradually reduced in stature over centuries of relentless pressure. This mindset explains Russia's readiness to negotiate at every stage: politics always outweighs military concerns. Foreign and domestic policy are inseparable, and every foreign venture is also a bid to strengthen internal cohesion, just as the medieval princes of Moscow used external threats to unite the Russian lands. Today's geopolitical landscape is shifting again. The West - led by the United States - remains powerful, but no longer omnipotent. China is expanding its influence, though cautiously. Western Europe, historically Russia's main threat, is losing its relevance, unable to define a vision for its own future. Russia, the US and China all possess that vision - and in the coming decades, their triangular relationship will shape global politics. India may join this elite circle in time, but for now, it still lags behind. Does this mean Russia will pivot fully eastward? Unlikely. Classical geopolitics teaches that the main focus must remain where the primary threat lies. Western Europe may no longer be the center of global politics, but it remains the crucial frontier, the dividing line between Russia and American power. Still, the real opportunities lie in Eurasia. 
Peaceful, prosperous ties with eastern neighbors are essential for Russia's internal development. That, ultimately, is what will provide the resources for Russia's most cherished goal: the freedom to chart its own course. This article was first published by 'Expert' magazine and was translated and edited by the RT team.

