State-backed Chinese Hackers Broke Into Global Networks In One Of 'Broadest Cyber Espionage' Attacks

A cybersecurity firm revealed Thursday that suspected Chinese state-backed hackers had successfully broken into the networks of hundreds of public and private sector organizations, with nearly a third of those being government agencies and foreign ministries, according to a report.

In a blog post Thursday, Google-owned Mandiant expressed "high confidence" that the hackers exploiting a software vulnerability in the Email Security Gateway of Barracuda Network was doing an "espionage activity in support of the People's Republic of China."

They also confirmed that the hacking activity began as early as October last year.

"This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021," Mandiant Chief Technical Officer Charles Carmakal said in an emailed response to the Associated Press (AP).

Mandiant said the Chinese hackers had sent emails containing malicious file attachments in order to access their targeted organizations' devices and data.

Of all the organizations hacked, 55% were from the Americas, 24% from Europe, the Middle East and Africa that included Southeast Asian foreign ministries, foreign trade offices and academic organizations in Taiwan and Hong Kong, the company said.

The remaining 22% were from the Asia Pacific.

The majority impact of the hacking in the Americas partially reflected the geography of Barracuda's customer base.

Mandiant said that after they discovered it in mid-May, Barracuda released containment and remediation patches. But the hacking group, identified as UNC4841, to maintain their access, "countered with high frequency operations targeting a number of victims located in at least 16 different countries."

"Mandiant commends Barracuda for their decisive actions, transparency, and information sharing following the exploitation of CVE-2023-2868 by UNC4841," Mandiant said in the blog post.

It added: "The response to the exploitation of this vulnerability by UNC4841 and subsequent investigation necessitated collaboration between Mandiant, Barracuda, and multiple government and intelligence partners."

U.S. Secretary of State Antony Blinken, who was departing for China this weekend, had already been informed of the cyberattack. His visit is part of the Biden administration's push to repair deteriorating relations between Beijing and Washington.

Mandiant confirmed that the hackers targeting both the organizational and individual account levels focused on issues of high priority for China, particularly in the Asia-Pacific region.

The company said that the hackers were looking for email accounts of those working for governments of political and strategic interest to China.

Meanwhile, Barracuda, in an emailed statement Thursday, told AP that about 5% of its active Email Security Gateway appliances around the world had shown potential compromise. They also said they are now working to replace the appliances for affected customers at no cost.