Suspected state-backed Chinese hackers used a security hole in a popular email security appliance to break into the networks of hundreds of public and private sector organizations globally.
Nearly a third of them are government agencies, including foreign ministries, the cybersecurity firm Mandiant said Thursday.
Google-owned Mandiant expressed “high confidence” that the group exploiting a software vulnerability in Barracuda Networks’ Email Security Gateway was engaged in “espionage activity in support of the People’s Republic of China.”
The activity began as early as October.
The hackers sent emails containing malicious file attachments to gain access to targeted organizations’ devices and data, Mandiant said.
Of those organizations, 55% were from the Americas, 22% from Asia Pacific and 24% from Europe, the Middle East and Africa. They included foreign ministries in Southeast Asia, foreign trade offices and academic organizations in Taiwan and Hong Kong.
Mandiant said the concentration of affected organizations in the Americas may partially reflect the geography of Barracuda’s customer base.
The hackers searched for email accounts of people working for governments of political or strategic interest to China at the time they were participating in diplomatic meetings with other countries.