Suspected state-backed Chinese hackers used a security loophole in a popular e-mail security appliance to break into the networks of hundreds of public and private-sector organizations globally — nearly a third of them government agencies, including foreign ministries — cybersecurity firm Mandiant said on Thursday.
“This is the broadest cyberespionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Mandiant chief financial officer Charles Carmakal said in an e-mailed statement.
That hack compromised tens of thousands of computers globally.
In a blog post on Thursday, Google-owned Mandiant expressed “high confidence” that the group exploiting a software vulnerability in Barracuda Networks’ E-mail Security Gateway was engaged in “espionage activity in support of the People’s Republic of China.”
It said the activity began as early as October last year.
The hackers sent e-mails containing malicious attachments to gain access to targeted organizations’ devices and data, Mandiant said.
Of those organizations, 55 percent were from the Americas, 22 percent from the Asia-Pacific region and 24 percent from Europe, the Middle East and Africa.
They included foreign ministries in Southeast Asia, and foreign trade offices and academic organizations in Taiwan and Hong Kong, the company said.
Barracuda on Tuesday last week announced that some of its e-mail security appliances had been hacked as early as October, giving the intruders a back door into compromised networks.
The hack was so severe that the California company recommended fully replacing the appliances.
After discovering the hack in the middle of last month, Barracuda released containment and remediation patches.
However, the hacking group, which Mandiant identifies as UNC4841, altered their malware to try to maintain access, Mandiant said.
The group “countered with high-frequency operations targeting a number of victims located in at least 16 different countries,” it said.
Word of the breach emerged as US Secretary of State Antony Blinken departs for China this weekend as part of US President Joe Biden’s push to repair deteriorating ties between Washington and Beijing.
His visit had initially been planned for early this year, but was postponed indefinitely after the discovery and shooting down of what the US said was a Chinese spy balloon over the US.
Mandiant said the targeting at the organizational and individual levels focused on issues that are high policy priorities for China, particularly in the Asia-Pacific region.
It said the hackers searched for e-mail accounts of people working for governments of political or strategic interest to China at the time they were participating in diplomatic meetings with other countries.
Chinese Ministry of Foreign Affairs spokesman Wang Wenbin (汪文斌) responded to the report, saying that the “content is far-fetched and unprofessional.”
“American cybersecurity companies continue to churn out reports on so-called cyberattacks by other countries, which have been reduced to accomplices for the US government’s political smear against other countries,” Wang said.