Mandiant stated on Thursday that they have “high confidence” that the Chinese-backed group UNC 4841 is behind the exploitation of Barracuda Network’s Email Security Gateway. Starting in October 2022, the hackers sent malicious emails to Barracuda clients to gain access to their devices and sensitive information. Over half of the victims are American, a quarter from Asia Pacific, and another quarter from Europe, the Middle East, and Africa. The group specifically targeted foreign trade organizations and academic institutions in Taiwan and Hong Kong as well.

Barracuda announced that its email applications were compromised on June 6, and recommended fully replacing the software. The company attempted to counter UNC4841 in mid-May with patches, but the hackers adapted their malware to maintain access. Following this intervention, UNC4841 escalated attacks on victims in 16 different countries. Barracuda estimates 5% of its Email Security Gateway customers were compromised and will provide replacement software at no cost. U.S. Secretary of State Antony Blinken heads to China this weekend to reestablish ties between Beijing and Washington.

Read More:

https://apnews.com/article/barracuda-mandiant-cybersecurity-china-hackers-a52d1595c9108d2c58df11e38756600d