A China-linked threat group has been targeting vulnerable Roundcube servers at universities in the US and Canada, exploiting a flaw to gain unauthorized access and spy on academic researchers. The attackers have been using the vulnerability to steal login credentials and deploy backdoor malware, allowing them to maintain persistence on compromised systems. The campaign highlights the risks associated with unpatched web applications, particularly those used by institutions with sensitive research activities. The threat group's tactics have enabled them to intercept sensitive information and monitor researcher activities, potentially giving them an upper hand in intellectual property theft and espionage1. This incident matters to cybersecurity practitioners because it underscores the importance of regularly updating and securing web-based applications, especially those used by high-value targets such as academic researchers.