Date: 2023-06-16



Cybersecurity firm Mandiant said Thursday that suspected Chinese hackers exploited a security hole in a popular email security appliance to breach the networks of hundreds of public and private organizations around the world. Nearly a third of them were government agencies, including foreign ministries, it said.

In an emailed statement, Mandiant's chief technology officer, Charles Carmakal, said this was the most widespread cyber espionage activity known to have been carried out by a China-linked threat actor since the mass exploitation of Microsoft Exchange in early 2021. That hack affected tens of thousands of computers around the world.

In a blog post Thursday, Google-owned Mandiant said it strongly believes that the group exploiting a software vulnerability in Barracuda Networks’ Email Security Gateway was engaged in an espionage campaign in support of the People’s Republic of China. The activity began as early as October, it said.

Mandiant said the hackers sent emails with malicious attachments to gain access to the targeted organizations’ devices and data. Of these organizations, 55% are from the Americas, 22% are from Asia Pacific, and 24% are from Europe, the Middle East and Africa. They included foreign ministries, trade bureaus in Southeast Asia, and academic societies in Taiwan and Hong Kong, the company said.

Mandiant said the fact that most of the impact was in the Americas may partly reflect the geography of Barracuda’s customer base.

Barracuda announced on June 6 that some of its email security appliances had been hacked as early as October, giving intruders a backdoor into the compromised networks. The hack was so serious that the California company recommended a complete replacement of the appliances.

After discovering the issue in mid-May, Barracuda released patches to contain and fix it, but Mandiant said the hacker group, which it identifies as UNC4841, modified its malware to maintain access. The group then countered with high-frequency operations targeting a number of victims in at least 16 countries.

News of the breach came as U.S. Secretary of State Antony Blinken departs for China this weekend as part of the Biden administration’s efforts to mend troubled relations between the two countries.

His visit was originally planned for earlier this year, but was postponed indefinitely after the United States discovered and shot down what it said was a Chinese spy balloon over U.S. airspace.

Mandiant said the targeting, at both the organizational and individual account levels, focused on issues that are high policy priorities for China, especially in the Asia-Pacific region. The hackers searched for email accounts of officials working for governments of political or strategic interest to China while those officials were attending diplomatic meetings with other countries, the report said.

Barracuda said in an emailed statement Thursday that about 5% of its active email security gateway appliances worldwide showed evidence of potential compromise. The company said it was providing replacement appliances free of charge to affected customers.

The US government has accused the Chinese government of being the main cyber-espionage threat, with state-sponsored Chinese hackers stealing data from both the private and public sectors.

In terms of raw intelligence impacting the US, China’s largest electronic attacks have targeted OPM, Anthem, Equifax and Marriott.

Earlier this year, Microsoft warned that state-sponsored Chinese hackers were targeting critical U.S. infrastructure and may be laying the groundwork to disrupt critical communications between the U.S. and Asia in the event of a future crisis.

China claims that the United States is also conducting cyber espionage against China, including hacking computers at Chinese universities and companies.

AP business reporter Zen Soo contributed from Hong Kong.

