Global hack: Cybersecurity firm reports suspected Chinese espionage

State-backed Chinese hackers have allegedly breached the networks of hundreds of public and private sector organizations across the globe, according to a United States cybersecurity firm. Nearly a third of the targets are government agencies.

Mark Schiefelbein/AP/File
Attendees walk past an electronic display showing recent cyberattacks in China at a security conference in Beijing, on Sept. 12, 2017. Hackers linked to China were likely behind the exploitation of a vulnerability in an email application, a U.S. cybersecurity firm said.

Suspected state-backed Chinese hackers used a security hole in a popular email security appliance to break into the networks of hundreds of public and private sector organizations globally, nearly a third of them government agencies including foreign ministries, the cybersecurity firm Mandiant said Thursday.

“This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Charles Carmakal, Mandiant’s chief technical officer, said in an emailed statement. That hack compromised tens of thousands of computers globally.

In a blog post Thursday, Google-owned Mandiant expressed “high confidence” that the group exploiting a software vulnerability in Barracuda Networks’ Email Security Gateway was engaged in “espionage activity in support of the People’s Republic of China.” It said the activity began as early as October.

The hackers sent emails containing malicious file attachments to gain access to targeted organizations’ devices and data, Mandiant said. Of those organizations, 55% were from the Americas, 22% from Asia Pacific, and 24% from Europe, the Middle East, and Africa, and they included foreign ministries in Southeast Asia, foreign trade offices, and academic organizations in Taiwan and Hong Kong, the company said.

Mandiant said the fact that the majority of affected organizations were in the Americas may partially reflect the geography of Barracuda’s customer base.

Barracuda announced on June 6 that some of its email security appliances had been hacked as early as October, giving the intruders a back door into compromised networks. The hack was so severe the California company recommended fully replacing the appliances.

After discovering the hack in mid-May, Barracuda released containment and remediation patches, but the hacking group, which Mandiant identifies as UNC4841, altered its malware to try to maintain access, Mandiant said. The group then “countered with high frequency operations targeting a number of victims located in at least 16 different countries.”

Word of the breach arrived with United States Secretary of State Antony Blinken departing for China this weekend as part of the Biden administration’s push to repair deteriorating ties between Washington and Beijing.

His visit had initially been planned for early this year but was postponed indefinitely after the discovery and shootdown of what the U.S. said was a Chinese spy balloon over the U.S.

Mandiant said the targeting, at both the organizational and individual account levels, focused on issues that are high policy priorities for China, particularly in the Asia Pacific region. It said the hackers searched for email accounts of people working for governments of political or strategic interest to China at the time they were participating in diplomatic meetings with other countries.

In an emailed statement Thursday, Barracuda said about 5% of its active Email Security Gateway appliances worldwide showed evidence of potential compromise. It said it was providing replacement appliances to affected customers at no cost.

The U.S. government has accused Beijing of being its principal cyberespionage threat, with state-backed Chinese hackers stealing data from both the private and public sectors.

In terms of raw intelligence affecting the U.S., China’s largest electronic infiltrations have targeted OPM, Anthem, Equifax, and Marriott.

Earlier this year, Microsoft said state-backed Chinese hackers have been targeting U.S. critical infrastructure and could be laying the technical groundwork for the potential disruption of critical communications between the U.S. and Asia during future crises.

China says the U.S. also engages in cyberespionage against it, hacking into the computers of its universities and companies.

This story was reported by The Associated Press. AP Business Writer Zen Soo contributed from Hong Kong.
