Date: 2023-06-16

A Google-backed firm has claimed that hackers supported by China are behind a vast cyber espionage campaign targeting government agencies across the world that are of particular interest to the Chinese government.

Mandiant, a cybersecurity firm, has said that these hackers have breached computer firewalls of hundreds of organisations, and have stolen "emails of prominent employees dealing in matters of interest to the Chinese government".

The loophole

The attacks involved using a loophole in a popular email security system, Barracuda software, and sending messages with malicious code, according to the report.

The cyber espionage activity was detected in May, and is believed to have started as early as October of last year.

"This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021," said Mandiant chief technology officer Charles Carmakal in its blog post.

Mandiant said it has "high confidence" that the group, referred to as UNC4841, which was exploiting a software vulnerability in Barracuda Networks' Email Security Gateway, was engaged in "espionage activity in support of the People's Republic of China."

The report said the activity began as early as October 2022.

On June 6, Barracuda announced that some of its email security appliances had been hacked, giving hackers a backdoor into compromised networks. The hack is said to be so severe that the California company recommended fully replacing the appliances.

16 nations targeted

They have targeted at least 16 different countries, striking organisations in the public and private sectors worldwide, the report said.

Of those organisations, 55 per cent were from the Americas, 22 per cent from Asia Pacific and 24 per cent from Europe, the Middle East and Africa and they included foreign ministries in Southeast Asia.

The victims included research organisations and foreign trade missions based in Hong Kong and Taiwan—which are of high policy importance to the Chinese government—Mandiant said in its findings.

The majority of the impact in America may partially reflect the geography of Barracuda’s customer base, Mandiant said.

Barracuda released containment and remediation patches but the hacking group altered their malware to try to maintain access, Mandiant said.

“The group then countered with high frequency operations targeting a number of victims located in at least 16 different countries,” it said.

Earlier this year, Microsoft said state-backed Chinese hackers have been targeting US critical infrastructure and could be laying the technical groundwork for the potential disruption of critical communications between the U.S. and Asia during future crises.

(With inputs from agencies)