《TAIPEI TIMES》 Chinese hackers breach global networks

/ AP, with staff writer

Suspected state-backed Chinese hackers used a security loophole in a popular e-mail security appliance to break into the networks of hundreds of public and private-sector organizations globally — nearly a third of them government agencies, including foreign ministries — cybersecurity firm Mandiant said on Thursday.

請繼續往下閱讀...

“This is the broadest cyberespionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Mandiant chief financial officer Charles Carmakal said in an e-mailed statement.

That hack compromised tens of thousands of computers globally.

In a blog post on Thursday, Google-owned Mandiant expressed “high confidence” that the group exploiting a software vulnerability in Barracuda Networks’ E-mail Security Gateway was engaged in “espionage activity in support of the People’s Republic of China.”

It said the activity began as early as October last year.

The hackers sent e-mails containing malicious attachments to gain access to targeted organizations’ devices and data, Mandiant said.

Of those organizations, 55 percent were from the Americas, 22 percent from the Asia-Pacific region and 24 percent from Europe, the Middle East and Africa.

They included foreign ministries in Southeast Asia, and foreign trade offices and academic organizations in Taiwan and Hong Kong, the company said.

Barracuda on Tuesday last week announced that some of its e-mail security appliances had been hacked as early as October, giving the intruders a back door into compromised networks.

The hack was so severe that the California company recommended fully replacing the appliances.

After discovering it in the middle of last month, Barracuda released containment and remediation patches.

However, the hacking group, which Mandiant identifies as UNC4841, altered their malware to try to maintain access, Mandiant said.

The group “countered with high-frequency operations targeting a number of victims located in at least 16 different countries,” it said.

Word of the breach emerged as US Secretary of State Antony Blinken departs for China this weekend as part of US President Joe Biden’s push to repair deteriorating ties between Washington and Beijing.

His visit had initially been planned for early this year, but was postponed indefinitely after the discovery and shooting down of what the US said was a Chinese spy balloon over the US.

Mandiant said the targeting at the organizational and individual levels focused on issues that are high policy priorities for China, particularly in the Asia-Pacific region.

It said the hackers searched for e-mail accounts of people working for governments of political or strategic interest to China at the time they were participating in diplomatic meetings with other countries.

Chinese Ministry of Foreign Affairs spokesman Wang Wenbin （汪文斌） responded to the report, saying that the “content is far-fetched and unprofessional.”

“American cybersecurity companies continue to churn out reports on so-called cyberattacks by other countries, which have been reduced to accomplices for the US government’s political smear against other countries,” Wang said.

新聞來源：TAIPEI TIMES