“This is the largest known cyber espionage campaign by a China-linked malicious actor since the large-scale hack of Microsoft Exchange in early 2021,” said Charles Carmackal, CTO of Mandiant, a cybersecurity firm affiliated with China. American internet giant.
“For some of the victims, the attackers stole the emails of high-value employees working on cases involving the Chinese government,” he added.
In its online report, the company said it believed with “a high degree of confidence” that the group responsible for the email attack was “conducting espionage activities in support of China.”
And she explained that the attackers “intensely targeted specific data in order to release it” to victims “who are in at least 16 different countries”, noting that the attack “targeted public and private sector organizations around the world. “.
Target government agencies
And “about a third” of the number of victims are government agencies, which Mandiant says supports the hypothesis that the attack was carried out for “espionage purposes”.
The choice of targets is directly linked to “high priority issues for China, particularly in the Asia-Pacific region, including Taiwan”, according to the Google Cloud subsidiary.
Among the victims are foreign ministries of countries belonging to the Association of Southeast Asian Nations (ASEAN), as well as research organizations and foreign trade missions in Taiwan and Hong Kong.
The hackers, who launched their attack via infested emails, were able to detect a vulnerability in Barracuda’s software to preview emails and attached files to ensure they are safe.
Mandiant said the hack, which began in October 2022, was detected in May, but the hacker group continued its efforts to keep penetrating systems despite attempts to fix the digital vulnerability.
“We continue to see evidence of malicious activity” in some systems, Barracuda said in a statement.
China says it is also a victim
The Microsoft Exchange hack, which has been attributed to a group of Chinese hackers backed by Beijing, affected no less than 30,000 American entities, including local businesses, cities and associations.
And the American channel “CNN” reported on Thursday that several American federal agencies are among the entities that appear to have been the subject of a separate computer attack.
Contacted by Agence France-Presse, Adam Hodge, spokesman for the National Security Council at the White House, said that the US cybersecurity agency and the FBI “have issued a cybersecurity alert to help companies and government agencies to quickly identify vulnerabilities and find solutions.”
“The administration of President Joe Biden and Vice President Kamala Harris have worked tirelessly to improve the nation’s cybersecurity and the security of the software we all use,” he added.
Western countries are increasingly concerned about Beijing’s activities in cyberspace.
In late May, the United States and its Western allies accused a Chinese-sponsored “cyber actor” of hacking into American “vital infrastructure”, which Beijing vehemently denied, calling it a “disinformation campaign”.
The European Commission also warned on Thursday that the two Chinese telecommunications giants, “Huawei” and “ZTE”, pose a threat to the security of the European Union, announcing that it will no longer use mobile telephone services which depend on products from both companies.
On the other hand, China regularly confirms that it is the victim of cyberattacks.
The release of Mandiant’s report comes days before US Secretary of State Anthony Blinken’s visit to China, in hopes of resuming dialogue after months of intense tension since the balloon incident in February.
Read the Latest World News Today on The Eastern Herald.
