A China-linked threat actor is suspected of conducting a widespread cyber espionage campaign by exploiting a security vulnerability in Barracuda Networks’ Email Security Gateway, according to cybersecurity firm Mandiant.
The campaign is believed to be the most extensive cyber espionage operation conducted by a China-related threat actor since the Microsoft Exchange mass exploitation in early 2021.
Mandiant has expressed “high confidence” that the group is engaged in espionage activity on behalf of the People’s Republic of China, with the campaign starting as early as October 2022.
The hackers targeted a range of public- and private-sector organizations worldwide; nearly a third of the identified victims were government agencies, including foreign ministries. The compromised organizations were located primarily in the Americas, Asia-Pacific, and EMEA (Europe, the Middle East, and Africa).
The hackers gained access by sending emails with malicious attachments crafted to trigger the vulnerability in the gateway, and they disguised these messages as generic spam so that they would be ignored rather than investigated. Mandiant believes the campaign's focus on political and strategic issues is consistent with political espionage. Earlier intrusions attributed to China-linked actors, such as those at OPM, Anthem, Equifax, and Marriott, illustrate the volume of sensitive data such operations have yielded and why they carry significant implications for US intelligence.