Russian Hackers Launch Major Cyberattack on Popular Webmail Services


A new cyberattack campaign called Operation RoundPress has been uncovered by cybersecurity firm ESET. The attackers, linked to the Russian hacker group Sednit, have targeted widely used webmail services like Roundcube, Horde, MDaemon, and Zimbra—especially those used by government agencies and defense organizations in Eastern Europe.

The hackers exploited cross-site scripting (XSS) flaws in these webmail platforms. They sent carefully crafted phishing emails, often related to news about Ukraine. Just opening one of these emails in a vulnerable webmail service could silently trigger the attack.
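For defenders, the delivery path described above (script-capable HTML carried in an email body and rendered by the webmail page) can be checked at the mail gateway. The following is an added example, not code from ESET's report or from any of the webmail projects; the tag and attribute lists, function names and sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

# Elements that can run, load or redirect to active content inside the mail view.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg", "form", "base", "meta"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")

class ActiveContentFinder(HTMLParser):
    """Collects markup that a webmail sanitizer would have to neutralize."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            # Drop whitespace/control characters and case before comparing schemes.
            compact = re.sub(r"[\s\x00-\x1f]+", "", value or "").lower()
            if name.startswith("on"):
                self.findings.append(f"<{tag}> event handler {name}")
            elif name in URL_ATTRS and compact.startswith(SCRIPT_SCHEMES):
                self.findings.append(f"<{tag}> {name} uses a script-capable URL scheme")

def scan_message(raw: str) -> list[str]:
    """Return findings for every text/html part of an RFC 5322 message."""
    findings = []
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            finder = ActiveContentFinder()
            finder.feed(part.get_content())  # transfer encoding already decoded
            finder.close()
            findings.extend(finder.findings)
    return findings

HEADERS = "From: a@example.test\nTo: b@example.test\nSubject: Constructed sample\n" \
          "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
# Constructed samples with inert handlers; not taken from the campaign.
SAMPLE_FLAGGED = HEADERS + '<p>Headline</p><img src="cid:x" onerror="void(0)">' \
                           '<a href=" JavaScript:void(0)">read more</a>\n'
SAMPLE_CLEAN = HEADERS + '<p>Headline</p><a href="https://example.test/">read more</a>\n'

if __name__ == "__main__":
    for label, raw in (("flagged", SAMPLE_FLAGGED), ("clean", SAMPLE_CLEAN)):
        print(label, scan_message(raw))
```

A finding means the message depends entirely on the webmail client's own sanitizer, so it is a triage signal for mail reaching servers that are not yet patched, not a replacement for patching.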

Once the system is compromised, the hackers can:

• Steal email credentials

• Access and copy emails, contacts, and login history

• Even bypass two-factor authentication by creating fake app passwords

Why Webmail Was the Target

Webmail is still one of the most commonly used tools in business, especially for small and mid-sized companies. It's affordable, easy to use, and can be accessed from any device with internet. In fact, 36% of users access their emails through webmail, according to Litmus data.

But this popularity comes with risks.

“Many organizations think webmail is secure by default because it’s built by major providers. That’s a dangerous assumption,” ESET said in its report.

Hackers take advantage of this false sense of security by exploiting older, unpatched bugs or by finding new ones, also known as zero-day vulnerabilities. That’s exactly what happened with MDaemon, which was one of the targets in this campaign.

The Bigger Picture

A 2024 Forrester report warns that 22% of all data breaches from outside attackers come through flaws in web applications, exploited by attacks such as XSS or SQL injection.

ESET says businesses can protect themselves if they act quickly and stay alert. For example, MDaemon released a security patch just two weeks after being informed. Installing these updates immediately is key.

Companies should also:

• Train employees to recognize phishing scams

• Keep their systems updated

• Use strong cybersecurity tools, like firewalls and antivirus software

ESET’s own software was able to block some of the attacks and stop hackers from stealing data.

Final Warning

ESET’s main message is clear: webmail isn’t a “set-and-forget” tool. As long as it remains a vital part of business communication, companies must treat it with the same care as any other important system—by staying updated, staying aware, and staying protected.

