An extensive cyber espionage operation by a group linked to China

A group of cyber attackers, clearly linked to the Chinese state, are responsible for a massive computer espionage campaign specifically targeting government agencies from several countries of strategic interest to Beijing, a report from a Google subsidiary said Thursday.

• Also read: Defense: The Trudeau government must urgently wake up and prepare our military

• Also read: These files are the origin of tensions between Canada and China

• Also read: A bank accused of paying China worries Ottawa

“This is the largest known cyberespionage campaign by a malicious actor linked to China since the massive Microsoft Exchange exploit in early 2021,” Charles Carmackal, Mandiant’s chief technology officer who specializes in cybersecurity, said in a statement. And it depends on the US tech giant.

He added that “some of the victims (attackers) stole the emails of important employees working on files of interest to the Chinese government.”

The company believes “with a high degree of confidence” that the group responsible for the attack, which was carried out via email, “conducted espionage activities in support of China,” we can read in the report published online.

“The attackers targeted very specific data to infiltrate it ‘from victims’ located in at least 16 different countries,” an attack that “affected organizations in the public and private sectors around the world.”

The victims constitute “nearly a third” of government agencies, according to Mandiant, who supports, according to the specialist, the hypothesis that this attack was carried out for “espionage purposes.”

The selection of targets is directly related to “high-priority issues for China, especially in the Asia-Pacific region, including Taiwan,” notes the Google Cloud branch.

Among the victims are the foreign ministries of the Association of Southeast Asian Nations (ASEAN), as well as research organizations and foreign trade missions based in Taiwan and Hong Kong.

The attack, which was carried out via infected emails, succeeded in revealing a breach in the tools for filtering and analyzing emails and attachments, software from Barracuda.

The breach, which began as early as October 2022, was discovered in May, and the attacker group has continued their work to try to maintain their access to systems despite attempts to bridge the digital breach, according to Mandiant.

“We continue to see evidence of malicious activity” in some systems, Barracuda said in a statement.

The Microsoft Exchange hack in early 2021, attributed to a group of Chinese hackers backed by Beijing, affected at least 30,000 American organizations, including businesses, cities and communities in the United States.

In a distinctly different situation, several US federal agencies fell victim to a major computer attack on Thursday, according to US channel CNN.