Allegedly state-supported Chinese hackers broke into the networks of hundreds of public and private sector organizations worldwide, roughly a third of them government entities and foreign ministries, by exploiting a security flaw in a well-known email security appliance, the cybersecurity company Mandiant said on Thursday.
Charles Carmakal, chief technical officer of Mandiant, stated in an email that “this is the largest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021.”
That 2021 campaign compromised tens of thousands of computers worldwide.
Mandiant, a Google-owned company, stated in a blog post on Thursday that it had “high confidence” the group exploiting a software flaw in Barracuda Networks’ Email Security Gateway was carrying out “espionage activity in support of the People’s Republic of China.” It said the activity began as early as October.
In order to access the devices and data of the targeted firms, the hackers sent emails with malicious file attachments, according to Mandiant.
According to the firm, the victim organizations included foreign ministries in Southeast Asia, foreign trade offices, and academic institutions in Taiwan and Hong Kong. Of these, 55% were in the Americas, 22% in Asia Pacific, and 24% in Europe, the Middle East, and Africa.
The predominance of the impact in the Americas, according to Mandiant, may partially reflect the location of Barracuda’s clientele.
On June 6, Barracuda revealed that some of its email security products had been breached as early as October, providing hackers with a backdoor into vulnerable networks. Because of the severity of the attack, the California-based company recommended completely replacing the affected appliances.
Barracuda delivered containment and remediation fixes after becoming aware of the issue in mid-May, but the hacking group, tracked as UNC4841, modified its malware in an attempt to maintain access, according to Mandiant. The group then “responded with frequent operations targeting a number of victims dispersed across at least 16 different nations.”
The targeting, according to Mandiant, was concentrated on topics that are top policy priorities for China, notably in the Asia Pacific region, at both the organizational and individual account levels. According to the report, the hackers searched for the email accounts of individuals working for governments that China considered politically or strategically relevant, particularly while those individuals were attending diplomatic gatherings with other nations.
About 5% of Barracuda’s active Email Security Gateway appliances worldwide showed signs of potential compromise, the company said in an email statement on Thursday. It added that affected customers would receive replacement appliances free of charge.
According to the U.S. government, Beijing poses the biggest cyberespionage threat, with state-backed Chinese hackers stealing information from both the public and commercial sectors.
China claims that the United States also conducts cyberespionage against it by breaking into the computers of its institutions and businesses.