Suspected state-backed Chinese hackers used a security loophole in a popular e-mail security appliance to break into the networks of hundreds of public and private-sector organizations globally — nearly a third of them government agencies, including foreign ministries — cybersecurity firm Mandiant said on Thursday.
“This is the broadest cyberespionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Mandiant chief financial officer Charles Carmakal said in an e-mailed statement.
That hack compromised tens of thousands of computers globally.
In a blog post on Thursday, Google-owned Mandiant expressed “high confidence” that the group exploiting a software vulnerability in Barracuda Networks’ E-mail Security Gateway was engaged in “espionage activity in support of the People’s Republic of China.”
It said the activity began as early as October last year.
The hackers sent e-mails containing malicious attachments to gain access to targeted organizations’ devices and data, Mandiant said.
Of those organizations, 55 percent were from the Americas, 22 percent from the Asia-Pacific region and 24 percent from Europe, the Middle East and Africa.
They included foreign ministries in Southeast Asia, and foreign trade offices and academic organizations in Taiwan and Hong Kong, the company said.
Barracuda on Tuesday last week announced that some of its e-mail security appliances had been hacked as early as October, giving the intruders a back door into compromised networks.
The hack was so severe that the California company recommended fully replacing the appliances.
After discovering it in the middle of last month, Barracuda released containment and remediation patches.
However, the hacking group, which Mandiant identifies as UNC4841, altered their malware to try to maintain access, Mandiant said.
The group “countered with high-frequency operations targeting a number of victims located in at least 16 different countries,” it said.
Word of the breach emerged as US Secretary of State Antony Blinken departs for China this weekend as part of US President Joe Biden’s push to repair deteriorating ties between Washington and Beijing.
His visit had initially been planned for early this year, but was postponed indefinitely after the discovery and shooting down of what the US said was a Chinese spy balloon over the US.
Mandiant said the targeting at the organizational and individual levels focused on issues that are high policy priorities for China, particularly in the Asia-Pacific region.
It said the hackers searched for e-mail accounts of people working for governments of political or strategic interest to China at the time they were participating in diplomatic meetings with other countries.
Chinese Ministry of Foreign Affairs spokesman Wang Wenbin (汪文斌) responded to the report, saying that the “content is far-fetched and unprofessional.”
“American cybersecurity companies continue to churn out reports on so-called cyberattacks by other countries, which have been reduced to accomplices for the US government’s political smear against other countries,” Wang said.