The shadow of China hangs over a new cyber espionage operation. A group of cyberattackers, apparently linked to the Chinese state, is responsible for a vast campaign targeting in particular government agencies of several countries of strategic interest to Beijing, according to a report published Thursday, June 15 by a Google subsidiary.
“This is the largest known cyber espionage campaign by a China-linked malicious actor since the massive exploitation of Microsoft Exchange in early 2021,” Charles Carmakal, CTO of Mandiant, a cybersecurity specialist owned by the American tech giant, said in a statement. “For some of the victims, (the attackers) stole the emails of important employees working on files of interest to the Chinese government,” he added.
The company believes with a “high degree of confidence” that the group responsible for the attack, carried out by email, “conducted espionage activities in support of China”, according to the report published online. The attackers “aggressively targeted specific data to exfiltrate it” from victims “located in at least 16 different countries”, an attack “which affected organizations in the public and private sectors all over the world”.
Targeted government agencies
“Nearly a third” of the victims are government agencies, according to Mandiant, which the specialist says supports the hypothesis that this attack was carried out for “espionage purposes.”
The choice of targets is directly linked to “high priority issues for China, especially in the Asia-Pacific region, including Taiwan”, notes the Google Cloud subsidiary.
The victims include, in particular, foreign ministries of the member countries of the Association of Southeast Asian Nations (ASEAN), as well as research organizations and foreign trade missions based in Taiwan and Hong Kong.
Infected emails
The attack, carried out via infected emails, managed to find a flaw in tools for filtering and analyzing emails and their attachments, software made by the company Barracuda.
The intrusion, which began as early as October 2022, was detected in May, and the group of attackers continued their work to try to maintain their access to the systems despite attempts to plug the digital breach, according to Mandiant. “We continue to see evidence of malicious activity” in some systems, Barracuda said in a statement Thursday.
The early 2021 hack of Microsoft Exchange, attributed to a group of Chinese hackers backed by Beijing, affected at least 30,000 American organizations, including businesses, cities and local communities in the United States. Several US federal agencies are also among the entities targeted by an apparently separate cyberattack, the American channel CNN reported on Thursday.
“A cybersecurity alert”
Contacted by AFP, the spokesman for the White House National Security Council, Adam Hodge, said that the American cybersecurity agency (CISA) and the federal police (FBI) had “issued a cybersecurity alert […] to help businesses and government agencies quickly identify and fix vulnerabilities.”
Western countries are increasingly worried about Beijing’s maneuvers in cyberspace. At the end of May, the United States and its Western allies accused a Chinese-sponsored “cyberactor” of infiltrating American “critical infrastructure”. Beijing firmly denied this at the time and denounced a “disinformation campaign”.
And on Thursday, the European Commission deemed Chinese telecoms equipment providers Huawei and ZTE a security risk to the EU and announced that it would no longer underwrite mobile phone services relying on hardware from these companies.
China regularly claims to be the victim of numerous cyberattacks itself. In September, it notably accused the United States of having carried out “tens of thousands” of attacks against its interests, some of which, according to Beijing, allowed sensitive data to be stolen, in particular from a Chinese research university.
The release of Mandiant’s report comes days before US Secretary of State Antony Blinken is due to visit China with the aim of renewing dialogue with Beijing after several months of high tensions since the balloon incident in February.