China has been targeting email servers in American government networks, raising concerns about data exploitation. A state-sponsored group deployed two variations of malware on the Barracuda Email Security Gateway (ESG) between October and December 2022. The extent of the cyberattacks is still under investigation, but suspicions point to UNC4841, an intelligence group believed to be backed by Beijing. The attack's primary objective appears to be the extraction of sensitive information from high-ranking government officials in North America. In response, Barracuda has released an update addressing the zero-day vulnerability in ESG appliances. The Cybersecurity and Infrastructure Security Agency (CISA) also disclosed that the same Chinese group was responsible for unleashing malware on other high-value targets. According to Austin Larsen, a Senior Incident Response Consultant at Mandiant, espionage actors with affiliations to China have refined their toolsets to be more impactful, elusive, and efficient.
Key Points:
1. China has targeted email servers in American government networks, potentially exploiting data.
2. Barracuda Email Security Gateway (ESG) was compromised with two variations of malware.
3. UNC4841, an intelligence group believed to be backed by Beijing, is suspected as the orchestrator of the attacks.
4. The cyberattacks aimed to extract sensitive information from high-ranking government officials in North America.
5. Barracuda has released an update to address the zero-day vulnerability in ESG appliances.
6. The Cybersecurity and Infrastructure Security Agency (CISA) confirmed the Chinese group’s involvement in malware attacks on other high-value targets.
7. Espionage actors with affiliations to China have improved their toolsets to be more impactful and elusive.