(Washington) A group of cyberattackers, visibly linked to the Chinese state, is responsible for a vast computer espionage campaign targeting in particular government agencies of several countries representing a strategic interest for Beijing, according to a report from a subsidiary on Thursday. from Google.
“This is the largest known cyber espionage campaign by a China-linked malicious actor since the massive exploitation of Microsoft Exchange in early 2021,” Charles Carmakal, CTO of cybersecurity specialist Mandiant, said in a statement. which depends on the American techno giant.
“For some of the victims, (the attackers) stole the emails of important employees working on files of interest to the Chinese government,” he added.
The company believes with a “high degree of confidence” that the group responsible for the attack, carried out by email, “conducted espionage activities in support of China”, reads the report published online. .
The attackers “aggressively targeted specific data to exfiltrate it” from victims “located in at least 16 different countries”, an attack “which affected organizations in the public and private sectors all over the world”.
The victims are “almost a third” of government agencies according to Mandiant, which supports, according to the specialist, the hypothesis that this attack was carried out for “espionage purposes.” »
The choice of targets is directly linked to “high priority issues for China, especially in the Asia-Pacific region, including Taiwan”, notes the Google Cloud subsidiary.
The victims include ministries of foreign affairs of the countries of the Association of Southeast Asian Nations (ASEAN), as well as research organizations and foreign trade missions based in Taiwan and Hong Kong.
The attack, carried out via infected emails, managed to detect a breach in tools for filtering and analyzing emails and their attachments, software from the Barracuda company.
The intrusion, which began as early as October 2022, was detected in May, and the group of attackers continued their work to try to maintain their access to the systems despite attempts to plug the digital breach, according to Mandiant.
“We continue to see evidence of malicious activity” in some systems, Barracuda said in a statement Thursday.
The early 2021 hack of Microsoft Exchange, attributed to a group of Chinese hackers backed by Beijing, had affected at least 30,000 American organizations, including businesses, cities and local communities in the United States.
In a visibly different case, several American federal agencies fell victim to a major computer attack on Thursday, according to the American channel CNN.