Suspected state-backed Chinese hackers used a security loophole in a popular e-mail security appliance to break into the networks of hundreds of public and private-sector organizations globally — nearly a third of them government agencies, including foreign ministries — cybersecurity firm Mandiant said on Thursday.
“This is the broadest cyberespionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Mandiant chief financial officer Charles Carmakal said in an e-mailed statement.
That hack compromised tens of thousands of computers globally.
In a blog post on Thursday, Google-owned Mandiant expressed “high confidence” that the group exploiting a software vulnerability in Barracuda Networks’ E-mail Security Gateway was engaged in “espionage activity in support of the People’s Republic of China.”
It said the activity began as early as October last year.
The hackers sent e-mails containing malicious attachments to gain access to targeted organizations’ devices and data, Mandiant said.
Of those organizations, 55 percent were from the Americas, 22 percent from the Asia-Pacific region and 24 percent from Europe, the Middle East and Africa.
They included foreign ministries in Southeast Asia, and foreign trade offices and academic organizations in Taiwan and Hong Kong, the company said.
Barracuda on Tuesday last week announced that some of its e-mail security appliances had been hacked as early as October, giving the intruders a back door into compromised networks.
The hack was so severe that the California company recommended fully replacing the appliances.
After discovering the hack in the middle of last month, Barracuda released containment and remediation patches.
However, the hacking group, which Mandiant identifies as UNC4841, altered their malware to try to maintain access, Mandiant said.
The group “countered with high-frequency operations targeting a number of victims located in at least 16 different countries,” it said.
Word of the breach emerged as US Secretary of State Antony Blinken departs for China this weekend as part of US President Joe Biden’s push to repair deteriorating ties between Washington and Beijing.
His visit had initially been planned for early this year, but was postponed indefinitely after the discovery and shooting down of what the US said was a Chinese spy balloon over the US.
Mandiant said the targeting at the organizational and individual levels focused on issues that are high policy priorities for China, particularly in the Asia-Pacific region.
It said the hackers searched for e-mail accounts of people working for governments of political or strategic interest to China at the time they were participating in diplomatic meetings with other countries.
Chinese Ministry of Foreign Affairs spokesman Wang Wenbin (汪文斌) responded to the report, saying that the “content is far-fetched and unprofessional.”
“American cybersecurity companies continue to churn out reports on so-called cyberattacks by other countries, which have been reduced to accomplices for the US government’s political smear against other countries,” Wang said.