State-backed Chinese hackers have infiltrated several public and commercial sector networks in a global cyber espionage effort, according to cybersecurity company Mandiant.
Nearly a third of the entities targeted, including foreign ministries, were reportedly government institutions, Mandiant noted. To obtain unauthorized access, the hackers took advantage of a security flaw in a well-known email security system, The Washington Post reported.
The most extensive cyber espionage operation by a China-affiliated threat actor since the Microsoft Exchange disaster earlier this year shows the rising complexity and scope of state-sponsored cyber operations.
Mandiant's Chief Technical Officer, Charles Carmakal, called the hack a significant cyber-espionage effort, topping even the extensive Microsoft Exchange exploitation in early 2021.
How Did It Happen?
Using a software flaw to get into networks, the hackers went against Barracuda Networks' Email Security Gateway.
Google-owned Mandiant said it had "high confidence" that the attackers were working for China. The cyberattack campaign is said to have started in October.
To access the equipment and data of the targeted companies, the hackers used emails with malicious file attachments. According to Mandiant, 24% of the impacted organizations were from Europe, the Middle East, and Africa, 22% were from Asia Pacific, and 55% were from the Americas.
“This kind of probing of critical infrastructure actually happens fairly regularly, and it does not mean an incident is imminent – or ever going to happen," - @JohnHultquist, chief analyst at Mandiant
— Mandiant (@Mandiant) June 12, 2023
Learn more about the Chinese ‘Volt Typhoon’ hack: https://t.co/rOYlWntTyP
Read Also: Former Samsung Executive Arrested for Stealing Trade Secrets to Build Chip Plant in China
Among the notable victims were academic institutions in Taiwan and Hong Kong, international trade offices, and foreign ministries in Southeast Asia. A more significant effect of the cyberattack was seen in the Americas due to the geographic concentration of Barracuda's clientele, Mandiant explained.
On June 6, Barracuda Networks said that since October, one of its email security appliances had been hacked, allowing unauthorized access to networks. The severity of the attack prompted the California-based company's recommendation to replace the compromised equipment completely, per ABC News.
China Denies Accusations
Despite making containment and repair updates available in the middle of May, the hacker organization known as UNC4841 continued to attack victims in at least 16 countries by modifying their malware to keep access.
Mandiant reported that the hackers targeted organizational and individual accounts, concentrating on high-priority policy problems for China, especially in Asia Pacific. During diplomatic talks with foreign nations, hackers targeted people's email accounts connected to government essential to China politically or strategically.
As of June 10, Barracuda reported that 5% of operational Email Security Gateway devices globally exhibited intrusion indicators.
Liu Pengyu, a spokesperson for the Chinese Embassy in Washington DC, called the assertions that Beijing supported hacking "completely distorting the truth." The Chinese official reiterated China's opposition to all kinds of cyber-hacking, blaming the US government for engaging in similar activities without providing evidence to support the claim, as per a report from TechCrunch.
Related Article: Russia-linked Ransomware Gang Lists Victims of Mass-hacks Consisting of US Banks, Universities
