Particle.news

Russian Hackers Exploit Webmail Flaws to Target Ukraine's Arms Suppliers

ESET reveals Fancy Bear's use of advanced malware and phishing to disrupt global weapons deliveries to Ukraine.

Overview

  • Fancy Bear, a Russian state-sponsored hacking group, has launched 'Operation RoundPress' to compromise arms suppliers aiding Ukraine.
  • The campaign exploits vulnerabilities in popular webmail platforms like Roundcube, Zimbra, Horde, and MDaemon, including a previously unknown MDaemon flaw.
  • Hackers used phishing emails disguised as news alerts from sources like Kyiv Post to deploy SpyPress.MDAEMON malware, bypassing two-factor authentication.
  • ESET researchers confirmed the malware's ability to harvest credentials, track communications, and maintain persistent access to email accounts.
  • Targeted firms, including Soviet-era arms manufacturers in Europe, Africa, and South America, are urged to update outdated webmail servers and enhance cybersecurity measures.