
Chinese, Russian hackers linked to major global cyber attack

The maker of a popular app has called for users to immediately update software after two global cyber attacks breached hundreds of government and private networks. Are you targeted?


Hundreds of public and private networks have been breached in two global cyber attacks linked to Chinese spies and Russian-backed hacking groups, according to US intelligence agencies and a Google-owned cybersecurity firm.

The US Cybersecurity and Infrastructure Security Agency (CISA) said they were “working to understand the impacts” to several US federal government agencies hit in the global cyber attack on Thursday, local time.

It comes as the Google-owned cybersecurity firm Mandiant announced that suspected Chinese hackers have breached hundreds of public and private networks around the world since October last year, with “high confidence” the group was engaged in “espionage activity in support of the People’s Republic of China.”

Hackers behind two global cyber attacks have been linked to Russia and China. Picture: Supplied

“This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Charles Carmakal, Mandiant’s chief technical officer, said in a statement to AP.

Australia and its Five Eyes security allies in late May warned that Chinese state-sponsored cyber espionage group Volt Typhoon was responsible for cyber attacks targeting “critical infrastructure” in the United States and the Pacific.

While CISA did not confirm who carried out the latest attacks targeting America’s critical infrastructure, CNN reported that a Russian-speaking ransomware group known as CLOP has claimed credit for other victims in the hacking campaign that began two weeks ago targeting universities and state governments.

CISA’s executive assistant director for cybersecurity, Eric Goldstein, said in a statement that the breach affected MOVEit, a widely used file transfer application that was first exploited by the Russian-backed hackers.

Owners of the MOVEit software have urged victims to update their software and issued security advice for organisations to follow mitigation steps to hunt for malicious activity.

Australia and its Five Eyes allies have warned of an increase of state-sponsored cyber espionage targeting critical infrastructure. Picture: Supplied

Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, told MSNBC they did not expect a “significant impact” to government agencies.

In a blog post on Thursday, local time, Mandiant said Chinese hackers breached hundreds of public and private networks through a software vulnerability in Barracuda Networks’ Email Security Gateway. The “zero-day” exploit was being used as early as October 2022 before Barracuda announced the vulnerability on May 23.

“Overall, Mandiant identified that this campaign has impacted organisations across the public and private sectors worldwide, with almost a third being government agencies,” the blog post said.

More than half, 55 per cent, of victims were in the Americas with the remainder in Europe, 24 per cent, and in the Asia Pacific, 22 per cent.

Among the recent organisations to publicly announce breaches in the US are Baltimore’s Johns Hopkins University, and more than a dozen universities and colleges in the state of Georgia.

Barracuda recommended all customers isolate and replace compromised appliances and conduct investigations into impacted networks.


Details of the cyber attacks come less than a month after the US National Security Agency said it was working with the security agencies of Australia, New Zealand, the UK, and Canada to identify cyber security breaches, identifying China’s Volt Typhoon as using built-in network administration tools to blend in with Microsoft Windows operating systems and avoid detection.

“Cyber actors find it easier and more effective to use capabilities already built into critical infrastructure environments. A PRC state-sponsored actor is living off the land, using built-in network tools to evade our defences and leaving no trace behind,” said Rob Joyce, NSA Cybersecurity Director.

“That makes it imperative for us to work together to find and remove the actor from our critical networks.”

Originally published as Chinese, Russian hackers linked to major global cyber attack


Original URL: https://www.dailytelegraph.com.au/news/world/chinese-russian-hackers-linked-to-major-global-cyber-attack/news-story/dfce76bfc6ebc0976573836c7ce20221