A 'Google' subsidiary reveals new Chinese espionage crisis

American company Google logo

A report released Thursday by a subsidiary of the “Google” group said a group of cyber attackers apparently linked to the Chinese government had launched a large-scale espionage campaign, especially targeting government agencies in multiple countries of strategic importance to Beijing.

“This is the largest known cyber-espionage campaign by malicious actors linked to China since the massive hack of Microsoft Exchange in early 2021,” said Charles Carmakal, technical director at U.S. internet giant Mandiant.

“For some victims, the attackers stole the emails of high-value employees who handled documents of interest to the Chinese government,” he added.

The company said in its online report that it had “high confidence” that the group responsible for the email attack “engaged in pro-China espionage”.

The attackers intensely targeted specific data in order to “exfiltrate” it from victims in at least 16 different countries, the company explained, noting that the attack “targeted public and private sector organizations around the world.”

Government agencies targeted

“Approximately one-third” of the victims were government agencies, which, according to Mandiant, supported the assumption that the attacks were for “espionage purposes.”

According to the Google Cloud subsidiary, the selection of targets is directly related to “high priority issues in China, especially in the Asia-Pacific region including Taiwan.”

Victims included the foreign ministries of members of the Association of Southeast Asian Nations (ASEAN), as well as research institutes and foreign trade missions in Taiwan and Hong Kong.

The hackers, who launched the attack via an infected email, found a vulnerability in Barracuda software that previews emails and attachments to ensure they are safe.

Mandiant said the hacking began in October 2022 and was discovered in May, but the hacking group kept trying to infiltrate systems despite attempts to address the vulnerabilities.

“We continue to see evidence of malicious activity on certain systems,” Barracuda said in a statement.

China says it is a victim too

The hacking of Microsoft Exchange by a Beijing-backed group of Chinese hackers affected no fewer than 30,000 US entities, including local companies, cities, and associations.

The American channel CNN reported on Thursday that several federal agencies in the United States appear to have been hit by a separate cyberattack.

Contacted by AFP, White House National Security Council spokesman Adam Hodge said the US Cyber Security Agency and the FBI “issued cybersecurity alerts to help businesses and government agencies quickly identify vulnerabilities and find solutions for them.”

“The administrations of President Joe Biden and Vice President Kamala Harris have worked tirelessly to improve our nation’s cybersecurity and the security of the software we use,” he added.

Western countries are increasingly concerned about Beijing’s activities in cyberspace.

In late May, the United States and its Western allies accused Chinese-funded “cyber attackers” of invading “vital infrastructure” in the United States, a claim Beijing has vehemently denied and denounced as a “disinformation campaign”.

The European Commission also warned on Thursday that Chinese telecommunications giants “Huawei” and “ZTE” posed a threat to the security of the European Union, announcing that it would no longer use mobile phone services that depend on their products.

China, by contrast, often claims to be the victim of cyberattacks.

Mandiant’s report comes days after U.S. Secretary of State Antony Blinken visited China, hoping to resume dialogue after months of tension since the February balloon incident.