Global Courant
Suspected state-backed Chinese hackers used a vulnerability in a popular email security appliance to break into the networks of hundreds of public and private sector organizations worldwide, nearly a third of them government agencies, including state ministries, the cybersecurity firm Mandiant said Thursday.
“This is the broadest cyber-espionage campaign known to have been carried out by a China-nexus threat actor since the massive exploitation of Microsoft Exchange in early 2021,” Charles Carmakal, Mandiant’s chief technical officer, said in an emailed statement. That earlier hack compromised tens of thousands of computers worldwide.
In a blog post on Thursday, Google-owned Mandiant expressed “high confidence” that the group that exploited a software flaw in Barracuda Networks’ Email Security Gateway was involved in “espionage activities in support of the People’s Republic of China.” It said the activity started as early as October.
The hackers sent emails with malicious file attachments to gain access to targeted organizations’ appliances and data, Mandiant said. Of the affected organizations, 55% were in the Americas, 22% in Asia-Pacific, and 24% in Europe, the Middle East, and Africa; the company said the victims included Southeast Asian foreign ministries, foreign trade agencies, and academic organizations in Taiwan and Hong Kong.
Mandiant said the heavier impact in the Americas may reflect, in part, the geography of Barracuda’s customer base.
Barracuda announced on June 6 that some of its email security appliances had been compromised as far back as October, giving the intruders a back door into the affected networks. The hack was so serious that the California company recommended replacing the devices entirely.
After discovering the breach in mid-May, Barracuda released containment and remediation patches, but the hacking group, which Mandiant tracks as UNC4841, modified its malware in an attempt to maintain access, Mandiant said. The group then followed up with high-frequency operations targeting a number of victims in at least 16 countries.
Mandiant said the targeting, at both the organizational and individual account levels, focused on issues that are high policy priorities for China, particularly in the Asia-Pacific region. It said the hackers sought the email accounts of people working for governments of political or strategic importance to China at the time those governments were taking part in diplomatic meetings with other countries.
In an emailed statement on Thursday, Barracuda said about 5% of its active Email Security Gateway appliances worldwide showed signs of a potential compromise. It said it was providing free replacement appliances to affected customers.
The US government has accused Beijing of being the leading cyber-espionage threat, with state-backed Chinese hackers stealing data from both the private and public sectors.
China says the US is also engaging in cyber espionage against China, hacking computers at its universities and companies.
——
AP Business Writer Zen Soo contributed from Hong Kong.