Chinese spies breached hundreds of public, private networks, security firm says

Suspected state-backed Chinese hackers used a security hole in a popular email security appliance to break into the networks of hundreds of public and private sector organisations globally, nearly a third of them government agencies including foreign ministries, the cybersecurity firm Mandiant said Thursday.

“This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Charles Carmakal, Mandiant’s chief technical officer, said in an emailed statement. That hack compromised tens of thousands of computers globally.

In a blog post on Thursday, Google-owned Mandiant expressed “high confidence” that the group exploiting a software vulnerability in Barracuda Networks’ Email Security Gateway was engaged in “espionage activity in support of the People’s Republic of China”. It said the activity began as early as October.

The hackers sent emails containing malicious file attachments to gain access to targeted organisations’ devices and data, Mandiant said. Of those organisations, 55 per cent were from the Americas, 22 per cent from the Asia-Pacific and 24 per cent from Europe, the Middle East and Africa, and they included foreign ministries in Southeast Asia, foreign trade offices and academic organisations in Taiwan and Hong Kong, the company said.

Mandiant said the majority impact in the Americas may partially reflect the geography of Barracuda’s customer base.

South China Morning Post
