Mandiant says China-backed hackers exploited Barracuda zero-day to spy on governments

Security researchers at Mandiant say China-backed hackers are likely behind the mass-exploitation of a recently discovered security flaw in Barracuda Networks' email security gear, which prompted a warning to customers to remove and replace affected devices.

Mandiant, which was called in to run Barracuda's incident response, said the hackers exploited the flaw to compromise hundreds of organizations, likely as part of an espionage campaign in support of the Chinese government.

Almost a third of the targeted organizations are government agencies, Mandiant said in a report published Thursday.

Last month, Barracuda discovered the security flaw affecting its Email Security Gateway (ESG) appliances, which sit on a company's network and filter email traffic for malicious content. Barracuda issued patches and warned that hackers had been exploiting the flaw since October 2022. But the company later recommended that customers remove and replace affected ESG appliances, regardless of patch level, suggesting the patches failed or were unable to block the hackers' access.

In its latest guidance, Mandiant also warned customers to replace affected gear after finding evidence that the China-backed hackers gained deeper access to the networks of affected organizations.

Barracuda has about 200,000 corporate customers around the world.

Mandiant is attributing the hacks to an as-yet-uncategorized threat group it calls UNC4841, which shares infrastructure and malware code overlaps with other China-backed hacking groups. Mandiant's researchers say the threat group exploited the Barracuda ESG flaw to deploy custom malware, which maintains the hackers' access to the devices while it exfiltrates data.

According to its report, Mandiant said it found evidence that UNC4841 "searched for email accounts belonging to individuals working for a government with political or strategic interest to [China] at the same time that this victim government was participating in high-level, diplomatic meetings with other countries."

Given that a large portion of the targets were government entities, the researchers said this supports their assessment that the threat group has an intelligence-gathering motivation, rather than conducting destructive data attacks.

Mandiant's chief technology officer Charles Carmakal said the hacks targeting Barracuda customers are the "broadest cyber espionage campaign" known to be carried out by a China-backed hacking group since the mass-exploitation of Microsoft Exchange servers in 2021, which Mandiant also attributed to China.

Liu Pengyu, a spokesperson for the Chinese Embassy in Washington D.C., said the allegations that the Chinese government supports hacking are "completely distorting the truth."

"The Chinese government's position on cyber security is consistent and clear. We have always firmly opposed and cracked down on all forms of cyber hacking in accordance with the law," the spokesperson said, while also accusing the U.S. government of violating international law by carrying out similar espionage activities, but without providing evidence for the claims.
