Mandiant Says Chinese Hackers Broke Into Barracuda Zero-Day to Spy on Governments

Chinese Embassy in the US denies allegations of cyber-espionage

China-backed hackers were allegedly involved in exploiting Barracuda’s software loophole. PETER PARKS/AFP via Getty Images

American cybersecurity firm Mandiant said China-backed hackers were likely behind the mass exploitation of a recently discovered security flaw in Barracuda Networks' email security gear, prompting the company to warn its customers to remove and replace affected devices.

In its report published Tuesday, June 13, Mandiant explained the hackers exploited the flaw in Barracuda's system to compromise hundreds of organizations, including government agencies. The firm believed the hacking stunt was likely part of an espionage campaign supporting the Chinese government.

Barracuda has about 200,000 corporate customers worldwide.

How Was Barracuda Hacked?

Last month, Barracuda discovered a security flaw affecting its Email Security Gateway (ESG) appliances, which sit on a company's network and filter email traffic for malicious content.

In response, Barracuda issued patches and warned that hackers had been exploiting the issue since October 2022, but it later recommended that customers remove and replace affected ESG devices regardless of patch level. That later decision suggests the patches either failed or could not cut off the hackers' access.

Mandiant also warned its customers to replace affected gear after finding further evidence that China-backed hackers gained deeper access to the networks of affected organizations.


Who Hacked Barracuda?

Mandiant attributed the hacks to a threat group it tracks as UNC4841, which shares infrastructure and malware code overlaps with other China-backed hacking groups. Researchers also said the threat group exploited the Barracuda ESG flaws to deploy custom malware, allowing the hackers to access the devices and exfiltrate data.

UNC4841, Mandiant said, "searched for email accounts belonging to individuals working for a government with political or strategic interest to [China] at the same time that this victim government was participating in high-level, diplomatic meetings with other countries."

The volume of government agencies hacked in the incident led Mandiant's researchers to conclude that the threat group's motivation is intelligence gathering, particularly on matters pertaining to Taiwan, Hong Kong, and Southeast Asia, rather than destructive data attacks.

Mandiant CTO Charles Carmakal said the hacks targeting Barracuda customers were "the broadest cyber espionage campaign" known to be conducted by a China-backed hacking group since 2021 when hackers exploited loopholes in Microsoft Exchange servers, which the firm also attributed to China.

China Denies Hacking Allegations

Meanwhile, an official at the Chinese Embassy in Washington DC denied Mandiant's allegations, saying that a report portraying the Chinese government as supporting hacking activities was "completely destroying the truth."

Liu Pengyu, a spokesperson for the Chinese Embassy, accused the US government of violating international law by carrying out similar cyber-espionage activities but did not provide any evidence for the claims. "The Chinese government's position on cyber security is consistent and clear," he said. "We have always firmly opposed and cracked down on all forms of cyber hacking in accordance with the law."
