The US Cybersecurity and Infrastructure Security Agency (CISA) said they were “working to understand the impacts” to several US federal government agencies hit in the global cyber attack on Thursday, local time.

It comes as the Google-owned cybersecurity firm Mandiant announced suspected Chinese hackers breached hundreds of public and private networks around the world since October last year, with “high confidence” the group was engaged in “espionage activity in support of the People’s Republic of China.”

“This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Charles Carmakal, Mandiant’s chief technical officer said in a statement to AP.

Australia and its Five Eyes security allies in late May warned that Chinese state-sponsored cyber espionage group Volt Typhoon was responsible for cyber attacks targeting “critical infrastructure” in the United States and the Pacific.

While CISA did not confirm who carried out the latest attacks targeting America’s critical infrastructure, CNN reported that a Russian-speaking ransomware group known as CLOP has claimed credit for other victims in the hacking campaign that began two weeks ago targeting universities and state governments.

CISA’s executive assistant director for cybersecurity, Eric Goldstein, said in a statement that the breach affected MOVEit, a widely used file transfer application that was first exploited by the Russian-backed hackers.

Owners of the MOVEit software have urged victims to update their software and issued security advice for organisations to follow mitigation steps to hunt for malicious activity.

Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, added to MSNBC they did not expect a “significant impact” to government agencies.

In a blog post on Thursday, local time, Mandiant said Chinese hackers breached hundreds of public and private networks through a software vulnerability in Barracuda Networks’ Email Security Gateway. The “zero-day” exploit was being used as early as October 2022 before Barracuda announced the vulnerability on May 23.

“Overall, Mandiant identified that this campaign has impacted organisations across the public and private sectors worldwide, with almost a third being government agencies,” the blog post said.

More than half, 55 per cent, of victims were in the Americas with the remainder in Europe, 24 per cent, and in the Asia Pacific, 22 per cent.

Among the recent organisations to publicly announce breaches in the US are Baltimore’s Johns Hopkins University, and more than a dozen universities and colleges in the state of Georgia.

Barracuda recommended all customers isolate and replace compromised appliances and conduct investigations into impacted networks.

Details of the cyber attacks come less than a month after US’s National Security Agency said it was working with the security agencies of Australia, New Zealand, the UK, and Canada to identify cyber security breaches, identifying China’s Volt Typhoon as using built-in network administration tools to blend in with Microsoft Windows operating systems and avoid detection.

“Cyber actors find it easier and more effective to use capabilities already built into critical infrastructure environments. A PRC state-sponsored actor is living off the land, using built-in network tools to evade our defences and leaving no trace behind,” said Rob Joyce, NSA Cybersecurity Director.

“That makes it imperative for us to work together to find and remove the actor from our critical networks.”

More Coverage

China’s wild attack on Australia

Justin Vallejo

What Silicon Valley Bank collapse means for Aussies

Justin Vallejo

Originally published as Chinese, Russian hackers linked to major global cyber attack