Extensive cyber espionage operation by China-linked group, report says

A group of cyberattackers apparently linked to the Chinese state is responsible for a vast cyber espionage campaign targeting, in particular, government agencies in several countries of strategic interest to Beijing, a report from a Google subsidiary said Thursday.

“This is the largest known cyber espionage campaign by a China-linked malicious actor since the massive Microsoft Exchange exploit in early 2021,” Charles Carmakal, CTO of cybersecurity specialist Mandiant, which belongs to the American tech giant, said in a statement.

“For some of the victims, (the attackers) stole the emails of important employees working on files of interest to the Chinese government,” he added.

The company believes with a “high degree of confidence” that the group responsible for the attack, carried out by email, “conducted espionage activities in support of China”, according to the report published online.

The attackers “aggressively targeted specific data to exfiltrate it” from victims “located in at least 16 different countries”, an attack “which affected organizations in the public and private sectors around the world”.

“Nearly a third” of the victims are government agencies, according to Mandiant, which the specialist says supports the hypothesis that this attack was carried out for “espionage purposes.”

The choice of targets is directly linked to “high priority issues for China, especially in the Asia-Pacific region, including Taiwan”, notes the Google Cloud subsidiary.

The victims include ministries of foreign affairs of countries of the Association of Southeast Asian Nations (ASEAN), as well as research organizations and foreign trade missions based in Taiwan and Hong Kong.

The attack, carried out via infected emails, managed to find a flaw in tools for filtering and analyzing emails and their attachments, software made by the company Barracuda.

The intrusion, which began as early as October 2022, was detected in May, and the attackers kept working to maintain their access to the systems despite attempts to close the security hole, according to Mandiant.

“We continue to see evidence of malicious activity” in some systems, Barracuda said in a statement Thursday.

The early 2021 hack of Microsoft Exchange, attributed to a group of Chinese hackers backed by Beijing, had affected at least 30,000 American organizations, including businesses, cities and local authorities in the United States.

Several US federal agencies are also among the entities targeted by an apparently separate cyberattack, the US network CNN reported on Thursday.

Contacted by AFP, White House National Security Council spokesman Adam Hodge said the US cybersecurity agency (CISA) and the federal police (FBI) had “issued a cybersecurity alert (…) to help businesses and government agencies quickly identify and resolve vulnerabilities.”

“The Biden-Harris administration has been relentlessly dedicated to improving the nation’s cybersecurity and the security of the software we all use,” he added.

Western countries are increasingly worried about Beijing’s maneuvers in cyberspace.

At the end of May, the United States and its Western allies accused a Chinese-sponsored “cyberactor” of infiltrating American “critical infrastructure”. Beijing firmly denied this at the time and denounced a “disinformation campaign”.

And on Thursday, the European Commission deemed Chinese telecoms equipment providers Huawei and ZTE a security risk to the EU and announced that it would no longer underwrite mobile phone services relying on Huawei’s hardware.

China regularly claims that it is itself the victim of numerous cyberattacks.

In September, it notably accused the United States of having carried out “tens of thousands” of them against its interests, some of which, it said, allowed sensitive data to be stolen, in particular from a Chinese research university.

The release of Mandiant’s report comes days before US Secretary of State Antony Blinken is due to visit China with the aim of renewing dialogue with Beijing after several months of high tensions since the balloon incident in February.

16/06/2023 03:39:24 – Washington (AFP) – © 2023 AFP
