US cybersecurity firm Mandiant says Chinese hackers, suspected of being state-backed, exploited a vulnerability in a popular email security appliance to penetrate the networks of hundreds of public and private sector organizations around the world. Nearly a third of them are government agencies, including foreign ministries. Fifty-five percent of the targets were from the Americas and 24% from the Asia Pacific region. They included foreign ministries in Southeast Asian countries and foreign trade offices and academic organizations in Taiwan and Hong Kong, Mandiant said. The attack against Barracuda Networks' email security gateway dates back to October.
“This is the most extensive cyberespionage campaign known to have been carried out by China since the Microsoft Exchange incident in early 2021,” Charles Carmakal, Mandiant’s chief technology officer, said in an emailed statement. The 2021 case compromised tens of thousands of computers worldwide. Mandiant, which is owned by Google, on Thursday expressed “high confidence” that the group that carried out the attack was engaged in “espionage activity in support of the People’s Republic of China”. The announcement says that the activity started in October.
The hackers sent emails containing attachments intended to gain access to the devices and data of the organizations that were targeted, Mandiant said. Barracuda announced on June 6 that some of its email security appliances had been targeted in a cyber attack since October, giving hackers access to compromised networks. The cyberattack was so severe that the California-based company recommended a complete replacement of the equipment.
After discovering the attack in mid-May, Barracuda made efforts to contain and remediate it, but the group of hackers, which Mandiant identifies as “UNC4841,” modified their malware to try to maintain access, Mandiant said. The group then “responded with high-frequency operations targeting a number of victims in at least 16 different locations.”
News of the attack came as US Secretary of State Antony Blinken heads to China this weekend, as part of the Biden administration’s efforts to repair deteriorating relations between Washington and Beijing. His visit was originally planned for earlier this year, but was postponed indefinitely after the discovery and downing of what Washington said was a Chinese spy balloon flying over the United States.
Mandiant said the targeting of organizations and individual accounts focused on issues that are high policy priorities for China, particularly in the Asia-Pacific region. The company said the hackers searched for the email accounts of people working for governments of political or strategic interest to China at a time when they were attending diplomatic meetings with other countries. In an emailed statement Thursday, Barracuda said about 5% of its active email security devices worldwide showed signs of being impacted by the cyber attack. Barracuda said it was providing replacement devices to affected customers at no cost.
The US government has accused Beijing of being its main cyber espionage threat, as state-backed Chinese hackers regularly steal data from both the private and public sectors. Earlier this year, Microsoft said that state-sponsored Chinese hackers attacked critical US infrastructure and may be working on capabilities to disrupt critical communications between the US and Asia during future crises. China says the US also engages in cyber espionage against it, carrying out cyber attacks on the computer systems of its universities and companies.