China-Linked Hacking Group Targets US and Canadian Universities with Webmail Breaches

A sophisticated China-linked hacking group, known as UNK_MassTraction, has been identified as the perpetrator behind a string of webmail breaches at university physics and engineering departments in the United States and Canada. According to cybersecurity firm Proofpoint, the group has been using custom tools to gain unauthorized access to email servers and steal staff login details, creating a potential backdoor for Beijing to access sensitive research and defense-related projects.

UNK_MassTraction, a group linked to China’s Ministry of State Security (MSS), has been active since 2020, with previous incidents targeting various organizations in the United States, Canada, and Europe. The group’s tactics, tactics, and procedures (TTPs) have been observed to be highly sophisticated, indicating a significant level of resources and expertise.

The current campaign, which appears to be ongoing, involves compromising webmail systems of university staff members, primarily those engaged in physics and engineering research. By obtaining login credentials, the hackers are able to leverage the compromised email servers as gateways for surveillance, allowing them to search through internal systems and messages in real-time.

“This is a concerning development, as university research networks often house sensitive information related to cutting-edge projects, which could have significant implications for national security and economic interests,” said a Statement from Proofpoint’s threat intelligence team.

The attackers’ tools have been observed to be highly customized, suggesting a tailored approach to the university environments they are targeting. This tailored approach raises concerns regarding the potential theft of valuable research and the intellectual property associated with it.

” Universities need to be vigilant in protecting their networks and implementing robust email security measures to prevent such breaches,” a cybersecurity expert noted. “Early detection and incident response are crucial in limiting the damage caused by these types of sophisticated hacking groups.”

The incident highlights the importance of robust cybersecurity measures for educational institutions, particularly those involved in sensitive research projects. As the global threat landscape continues to evolve, universities must remain proactive in mitigating potential risks and protecting their research networks from sophisticated hacking groups like UNK_MassTraction.