Chinese-linked hackers have broken into email servers at several universities across multiple countries, according to security researchers at Proofpoint. The attackers targeted Roundcube, an open-source webmail system used by institutions to let students and staff access emails online. Proofpoint discovered the intrusions while tracking a group suspected of working for Chinese state interests. The researchers estimate the hackers compromised email accounts at around two dozen to several dozen institutions, though they have not named the specific universities affected.
The attack works by exploiting weaknesses in how Roundcube is set up or maintained. Once inside, the hackers can read emails, steal login credentials, and potentially gather intelligence on research, students, and institutional operations. Universities are attractive targets because they house sensitive research, government-funded projects, and international student data. The breach reveals a gap between how quickly security patches are released and how quickly institutions actually install them.
This is not the first time Chinese-linked groups have targeted universities. Over the past five years, similar campaigns have hit American, European, and Australian institutions. Previous attacks focused on stealing research data, particularly in fields like artificial intelligence, biotechnology, and defense-related work. Universities often struggle with cybersecurity because they prioritize open access to information and have limited IT budgets compared to corporations and government agencies.
The Roundcube vulnerability targeted in this campaign had been known for some time, meaning institutions that kept their systems updated should have been protected. However, many universities operate with older software versions due to the complexity of updating systems that thousands of users depend on daily. The attack underscores a recurring problem in institutional security: the gap between knowing a threat exists and actually defending against it.
Proofpoint has advised affected institutions to check their email logs, reset user passwords, and review what information may have been accessed. The researchers shared technical details with Roundcube developers to ensure faster patching. Universities globally are now reviewing their email security and considering whether their current systems can detect and stop similar intrusions in the future. No statement has been issued by the Chinese government regarding the allegations.
Source: The Register


