Suspected Chinese espionage actors have been infiltrating universities in the US and Canada since May by exploiting vulnerabilities in Roundcube mailservers, targeting administrators and professors in physics and engineering departments. The attackers have been observed stealing sensitive data from these institutions, with Proofpoint threat researchers estimating that the total number of targeted universities could be in the dozens. While the exact scope of the intrusions is unclear, researchers have directly observed less than 10 universities being targeted1. The use of Roundcube mailservers as an entry point suggests that the attackers are seeking to exploit weaknesses in commonly used software to gain access to sensitive information. This campaign highlights the ongoing threat of state-sponsored espionage to academic institutions, particularly those with strong research programs in sensitive fields. The targeting of specific departments and individuals underscores the sophistication and intent of the attackers, making it essential for universities to prioritize email server security.