The cyber espionage activity was detected in May, and is believed to have started as early as October of last year
Online attackers with clear links to China are behind a vast cyber espionage campaign targeting government agencies of interest to Beijing, Google subsidiary Mandiant said on Thursday.
“This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” said Mandiant chief technology officer Charles Carmakal.
The cyber attackers compromised the computer defences of hundreds of organisations, in some cases stealing “emails of prominent employees dealing in matters of interest to the Chinese government,” Carmakal added.
Mandiant reported having “high confidence” that a group referred to as UNC4841 was behind a wide-ranging espionage campaign “in support of the People’s Republic of China.”
Striking organizations in the public and private sectors worldwide, the hackers targeted victims in at least 16 different countries.
The targeting focused on issues of high policy importance to the Chinese government, particularly in the Asia-Pacific region and Taiwan.
Victims included foreign ministries as well as research organizations and foreign trade missions based in Hong Kong and Taiwan, Mandiant said in its findings.
The cyber attacks involved email messages booby-trapped with malicious code, and exploited a vulnerability in Barracuda software for screening such missives to make sure they are safe.
The cyber espionage activity was detected in May, and is believed to have started as early as October of last year.
“We continue to see evidence of ongoing malware activity” on some systems that were compromised, said Barracuda Networks.
At least 30,000 organizations in the United States including businesses and local governments were affected by the 2021 hack of Microsoft Exchange, which security researchers attributed to a Beijing-backed hacker group.
In an apparently unrelated cyber attack, several US federal agencies had been caught in a Russian group’s hack of the commonly used MOVEit software.
For information on how to mitigate the threat, the White House pointed to an alert issued last week by the FBI and CISA, the federal government’s lead cybersecurity agency.