home.social

#reshell — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #reshell, aggregated by home.social.

fetched live
  1. One Email Closer to the Edge: UNK_MassTraction & the Physics of Exploitation

    Since May 2026, a suspected China-aligned threat cluster named UNK_MassTraction has been exploiting Roundcube mailservers at physics and engineering departments of US and Canadian universities. The campaigns exploit multiple n-day vulnerabilities including CVE-2024-42009 and CVE-2025-49113 to steal credentials and deploy either a webshell called SquareShell or the VShell backdoor into server memory. The actor uses an initial cross-site scripting vulnerability to execute JavaScript, then deploys IceCube stealer to harvest authentication material before pivoting server-side through deserialization exploits. The operators deliberately crafted their infection chain with mature tooling to avoid detection, using Roundcube servers as pivot points to enter target networks. The targeting focuses on departments with national security ties or those studying astrophysics and particle physics.

    Pulse ID: 6a4cc5e62f81e1c341eba563
    Pulse Link: otx.alienvault.com/pulse/6a4cc
    Pulse Author: AlienVault
    Created: 2026-07-07 09:24:54

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #Canadian #China #CyberSecurity #Edge #Email #ICS #InfoSec #Java #JavaScript #OTX #OpenThreatExchange #RAT #RESHELL #Vulnerability #bot #AlienVault

  2. One Email Closer to the Edge: UNK_MassTraction & the Physics of Exploitation

    Since May 2026, a suspected China-aligned threat cluster named UNK_MassTraction has been exploiting Roundcube mailservers at physics and engineering departments of US and Canadian universities. The campaigns exploit multiple n-day vulnerabilities including CVE-2024-42009 and CVE-2025-49113 to steal credentials and deploy either a webshell called SquareShell or the VShell backdoor into server memory. The actor uses an initial cross-site scripting vulnerability to execute JavaScript, then deploys IceCube stealer to harvest authentication material before pivoting server-side through deserialization exploits. The operators deliberately crafted their infection chain with mature tooling to avoid detection, using Roundcube servers as pivot points to enter target networks. The targeting focuses on departments with national security ties or those studying astrophysics and particle physics.

    Pulse ID: 6a4cc5e62f81e1c341eba563
    Pulse Link: otx.alienvault.com/pulse/6a4cc
    Pulse Author: AlienVault
    Created: 2026-07-07 09:24:54

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #Canadian #China #CyberSecurity #Edge #Email #ICS #InfoSec #Java #JavaScript #OTX #OpenThreatExchange #RAT #RESHELL #Vulnerability #bot #AlienVault