Google-backed security firm raises alarm, says Chinese hackers behind one of the biggest email hacking – Times of India
broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021.
In a blog post, Mandiant expressed “high confidence” that the group exploiting a software vulnerability in Barracuda Networks’ Email Security Gateway was engaged in “espionage activity in support of the People’s Republic of China.” It said the activity began as early as October 2022. Barracuda announced on June 6 that some of its email security appliances had been hacked, giving hackers a backdoor into compromised networks. The hack is said to be so severe that the California company recommended fully replacing the appliances.
Companies across the globe targeted
According to Mandiant, the hackers sent emails containing malicious file attachments to gain access to targeted organizations’ devices and data. Of those organizations, 55% were from the Americas, 22% from Asia Pacific and 24% from Europe, the Middle East and Africa. They included foreign ministries in Southeast Asia, foreign trade offices and academic organizations in Taiwan and Hong Kong. These code families — SALTWATER, SEASPY, and SEASIDE — were identified in the majority of intrusions.
Observed emails contained generic subject and body content, usually with poor grammar and in some cases containing placeholder values. Mandiant found that the body and subject of the messages were made to appear as generic spam, in order to be flagged by spam filters or to dissuade security analysts from performing a full investigation. It has also observed this tactic used in the past by advanced groups exploiting zero-day vulnerabilities.
Political espionage likely
Mandiant said the targeting, at both the organizational and individual account levels, focused on issues that are high policy priorities for China, particularly in the Asia Pacific region. It said the hackers searched for email accounts of people working for governments of political or strategic interest to China at the time they were participating in diplomatic meetings with other countries.
Companies targeted
Targeted organizations have spanned public and private sectors worldwide. In terms of raw intelligence affecting the US, hackers targeted OPM, Anthem, Equifax and Marriott.