According to Proofpoint, the attackers sought to steal sensitive data from engineering departments connected to national security, as well as from astrophysics and particle physics units.

Radio-Canada reported on July 7, 2026, that a China-linked cybercrime group had, according to a Proofpoint report, targeted the physics and engineering departments of Canadian and U.S. universities. The attackers exploited known vulnerabilities in the Roundcube webmail software to steal login credentials, compromise servers, and exfiltrate sensitive information.

According to Proofpoint, the campaign specifically targeted astrophysics and particle physics units, as well as engineering departments associated with the national security sector. The researchers did not disclose the names of the affected universities or the nature of the data that may have been stolen.

Proofpoint stated that the tactics of the cybercrime group, dubbed “UNK_MassTraction,” “display characteristics consistent with operations conducted in support of China,” while noting that it could not conclusively determine any direct affiliation.

Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.