Suspected state-backed Chinese hackers used a security loophole in a popular e-mail security appliance to break into the networks of hundreds of public and private-sector organizations globally — nearly a third of them government agencies, including foreign ministries — cybersecurity firm Mandiant said on Thursday.
“This is the broadest cyberespionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Mandiant chief financial officer Charles Carmakal said in an e-mailed statement.
That hack compromised tens of thousands of computers globally.
In a blog post on Thursday, Google-owned Mandiant expressed “high confidence” that the group exploiting a software vulnerability in Barracuda Networks’ E-mail Security Gateway was engaged in “espionage activity in support of the People’s Republic of China.”
It said the activity began as early as October last year.
The hackers sent e-mails containing malicious attachments to gain access to targeted organizations’ devices and data, Mandiant said.
Of those organizations, 55 percent were from the Americas, 22 percent from the Asia-Pacific region and 24 percent from Europe, the Middle East and Africa.
They included foreign ministries in Southeast Asia, and foreign trade offices and academic organizations in Taiwan and Hong Kong, the company said.
Barracuda on Tuesday last week announced that some of its e-mail security appliances had been hacked as early as October, giving the intruders a back door into compromised networks.
The hack was so severe that the California company recommended fully replacing the appliances.
After discovering it in the middle of last month, Barracuda released containment and remediation patches.
However, the hacking group, which Mandiant identifies as UNC4841, altered their malware to try to maintain access, Mandiant said.
The group “countered with high-frequency operations targeting a number of victims located in at least 16 different countries,” it said.
Word of the breach emerged as US Secretary of State Antony Blinken departs for China this weekend as part of US President Joe Biden’s push to repair deteriorating ties between Washington and Beijing.
His visit had initially been planned for early this year, but was postponed indefinitely after the discovery and shooting down of what the US said was a Chinese spy balloon over the US.
Mandiant said the targeting at the organizational and individual levels focused on issues that are high policy priorities for China, particularly in the Asia-Pacific region.
It said the hackers searched for e-mail accounts of people working for governments of political or strategic interest to China at the time they were participating in diplomatic meetings with other countries.
Chinese Ministry of Foreign Affairs spokesman Wang Wenbin (汪文斌) responded to the report, saying that the “content is far-fetched and unprofessional.”
“American cybersecurity companies continue to churn out reports on so-called cyberattacks by other countries, which have been reduced to accomplices for the US government’s political smear against other countries,” Wang said.