Suspected state-backed Chinese hackers used a security loophole in a popular e-mail security appliance to break into the networks of hundreds of public and private-sector organizations globally — nearly a third of them government agencies, including foreign ministries — cybersecurity firm Mandiant said on Thursday.
“This is the broadest cyberespionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Mandiant chief financial officer Charles Carmakal said in an e-mailed statement.
That hack compromised tens of thousands of computers globally.
In a blog post on Thursday, Google-owned Mandiant expressed “high confidence” that the group exploiting a software vulnerability in Barracuda Networks’ E-mail Security Gateway was engaged in “espionage activity in support of the People’s Republic of China.”
It said the activity began as early as October last year.
The hackers sent e-mails containing malicious attachments to gain access to targeted organizations’ devices and data, Mandiant said.
Of those organizations, 55 percent were from the Americas, 22 percent from the Asia-Pacific region and 24 percent from Europe, the Middle East and Africa.
They included foreign ministries in Southeast Asia, and foreign trade offices and academic organizations in Taiwan and Hong Kong, the company said.
Barracuda on Tuesday last week announced that some of its e-mail security appliances had been hacked as early as October, giving the intruders a back door into compromised networks.
The hack was so severe that the California company recommended fully replacing the appliances.
After discovering it in the middle of last month, Barracuda released containment and remediation patches.
However, the hacking group, which Mandiant identifies as UNC4841, altered their malware to try to maintain access, Mandiant said.
The group “countered with high-frequency operations targeting a number of victims located in at least 16 different countries,” it said.
Word of the breach emerged as US Secretary of State Antony Blinken departs for China this weekend as part of US President Joe Biden’s push to repair deteriorating ties between Washington and Beijing.
His visit had initially been planned for early this year, but was postponed indefinitely after the discovery and shooting down of what the US said was a Chinese spy balloon over the US.
Mandiant said the targeting at the organizational and individual levels focused on issues that are high policy priorities for China, particularly in the Asia-Pacific region.
It said the hackers searched for e-mail accounts of people working for governments of political or strategic interest to China at the time they were participating in diplomatic meetings with other countries.
Chinese Ministry of Foreign Affairs spokesman Wang Wenbin (汪文斌) responded to the report, saying that the “content is far-fetched and unprofessional.”
“American cybersecurity companies continue to churn out reports on so-called cyberattacks by other countries, which have been reduced to accomplices for the US government’s political smear against other countries,” Wang said.