In a report released Thursday, the Google subsidiary blamed a group of cyberattacks that it says are clearly linked to the Chinese state and are responsible for a massive information espionage campaign targeting government agencies in several countries that represent Beijing’s strategic interests.
“This is the largest known cyber-espionage campaign launched by a China-linked attacker since the massive Microsoft Exchange exploit in early 2021,” said Charles Carmakal, CTO of Mandiant, a cybersecurity firm.
“Some of the victims (hackers) have their emails stolen from valuable employees working on files of interest to the Chinese government,” he added.
In its online report, the company believes “with a high degree of certainty” that the group responsible for the email attack was “conducting espionage activities in support of China.”
It said that the attackers “forcibly targeted certain data in order to give it away”, noting that the victims “are located in at least 16 different countries.”
It says the attack “targets organizations in the public and private sectors around the world.”
And “about a third” of the number of victims are state structures, which, according to Mandiant, supports the hypothesis that this attack was carried out for “espionage purposes.”
The choice of targets is directly related to “top-priority issues for China, especially in the Asia-Pacific region, including Taiwan,” according to the company, which is a subsidiary of Google Cloud.
Those affected include the foreign ministries of the Association of Southeast Asian Nations (ASEAN) countries, as well as research organizations and foreign trade missions based in Taiwan and Hong Kong.