Security Company Says Chinese-linked Spy Attacks Hit Hundreds of Users

05:43 June 21, 2023

A security company has accused Chinese hackers of carrying out internet attacks on hundreds of public and private organizations.

The hackers used a vulnerability in a popular email security tool that made the attacks possible, officials from cybersecurity company Mandiant said.

Google-owned Mandiant said it suspected the Chinese government backed the attacks. Nearly a third of those targeted were government agencies, including foreign ministries, the company added.

China's foreign ministry spokesman Wang Wenbin called the Mandiant report "far-fetched and unprofessional." He added that American companies continued to turn out reports as part of the U.S. government's false accusations against other countries.

Charles Carmakal is the chief technical officer at Mandiant. He told The Associated Press the attacks were believed to be the largest online spying campaign linked to China since the attack on a Microsoft email product in early 2021. That hack affected tens of thousands of computers around the world.

The attack used a problem in an email security software program made by Barracuda Networks, a company in California. Mandiant said it highly suspects the attack involved a spying operation “in support of the People’s Republic of China.” It said the activity began as early as October.

Mandiant said the hackers sent emails containing harmful attachments to get into targeted organizations’ devices and data.

The company said of those organizations, 55 percent were from the Americas. Twenty-two percent were from the Asia Pacific area, while 24 percent were from Europe, the Middle East and Africa. Mandiant said the targets included foreign ministries in Southeast Asia, foreign trade offices and schooling organizations in Taiwan and Hong Kong.

The fact that the majority of attacks happened in the Americas is likely because that is where Barracuda has the most users.

Barracuda announced on June 6 that some of its email security systems had been hacked as early as October. The hacking operation was so severe that Mandiant suggested that users fully replace its system.

The company said that after discovering the problem in May, Barracuda released software fixes to limit damage and repair the system. But the hacking group changed its programming so it could continue its attacks. The group – which Mandiant identified as UNC4841 – then began targeting victims in at least 16 different countries.

Mandiant said the attacks were centered on areas considered to be important for Chinese policy, including the Asia Pacific area. The attacks included both organizations and individual accounts.

Barracuda said about five percent of its active Email Security Gateway systems around the world showed evidence of possible attack. It said it was providing replacement systems to affected buyers at no cost.

The U.S. government has accused China of being its main online spying threat. U.S. officials have pointed to evidence that state-backed Chinese hackers have in the past stolen data from both private and public individuals and organizations.

U.S. officials have said suspected Chinese-linked internet attacks have targeted a series of American companies and agencies. These included the government’s Office of Personnel Management (OPM), health care company Anthem, Equifax, and Marriott.

Earlier this year, Microsoft said state-backed Chinese hackers had been targeting important U.S. infrastructure. The company suggested China could be preparing to possibly attack communication links between the U.S. and Asia during future crises.

China has repeatedly accused the U.S. of also performing online spying operations against it.

I’m Gregory Stachel.
