Washington: Online attackers with clear links to China are behind a vast cyber espionage campaign targeting government agencies of interest to Beijing, Google subsidiary Mandiant said on Thursday.
“This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” said Mandiant chief technology officer Charles Carmakal.
The cyberattackers compromised the computer defenses of hundreds of organizations, in some cases stealing “emails of prominent employees dealing in matters of interest to the Chinese government,” Carmakal added.
Mandiant reported having “high confidence” that a group referred to as UNC4841 was behind the wide-ranging espionage campaign “in support of the People’s Republic of China.”
The hackers targeted victims in at least 16 different countries, striking organizations in the public and private sectors worldwide, the report said.
The targeting focused on issues of high policy importance to the Chinese government, particularly in the Asia-Pacific region and Taiwan, according to the report.
Victims included foreign ministries, research organizations, and foreign trade missions based in Hong Kong and Taiwan, Mandiant said in its findings.
The attacks involved email messages booby-trapped with malicious code and exploited a vulnerability in Barracuda software for screening such missives to make sure they are safe, according to the report.
The cyber espionage activity was detected in May and is believed to have started as early as October of last year.
“We continue to see evidence of ongoing malware activity” on some systems that were compromised, Barracuda Networks told AFP.
The 2021 hack of Microsoft Exchange, which security researchers attributed to a Beijing-backed group, affected at least 30,000 organizations in the United States including businesses and local governments.
Washington has frequently accused Beijing of cyberattacks against US targets, with the issue contributing to a deterioration in relations between the two powers in recent years.
China has consistently denied the claims, and has railed against alleged US cyber espionage, last year accusing the US National Security Agency of carrying out “tens of thousands of malicious attacks on network targets in China.”
The latest hacking revelations come as Secretary of State Antony Blinken heads to China for talks on Sunday and Monday, the first visit by a top US diplomat in nearly five years.
A senior State Department official said the trip is aimed at helping the two countries manage their “competition” responsibly, and “at a minimum, reduce the risk of miscalculation so that we do not veer into potential conflict.”
Meanwhile, in an apparently unrelated cyberattack, CNN reported Thursday that several US federal agencies had been caught in a Russian group’s hack of the commonly used software MOVEit.
When asked for comment by AFP, the White House pointed to an advisory issued last week by the FBI and CISA, the federal government’s lead cybersecurity agency, warning of the software’s vulnerability and offering information on how to mitigate it.
![]()
Vast cyber espionage campaign linked to China: report
Short Url
https://arab.news/p7npz
Vast cyber espionage campaign linked to China: report
- Victims included foreign ministries, research organizations, and foreign trade missions based in Hong Kong and Taiwan
Sweden intercepts suspected Russian drone during visit by French aircraft carrier
- Swedish naval ship observed the suspected drone during a patrol in the Oresund
- Kremlin says ‘absurd’ to suggest drone jammed near French aircraft carrier is Russian
STOCKHOLM: The Swedish military has intercepted a suspected Russian drone off the south of the country as a French aircraft carrier was docked in the port of Malmo, officials say.
Kremlin said it was ‘absurd’ to suggest drone jammed near French aircraft carrier was Russian.
The armed forces said on Thursday that a Swedish naval ship observed the suspected drone during a patrol in the Oresund, the strait that divides Sweden from Denmark.
They said that unspecified countermeasures were taken to disrupt the drone, and that contact with the drone was then lost.
The French nuclear-powered aircraft carrier Charles de Gaulle is in the southern Swedish city of Malmo this week as part of regular NATO exercise activities. Malmo is located on the Oresund, opposite the Danish capital of Copenhagen.
French military spokesperson Guillaume Vernet said that the drone was detected on Wednesday and handled by Swedish forces integrated into a security system around the carrier. He said Friday that the drone was more than 10 kilometers from the Charles de Gaulle.
“This system showed it is robust, and this event had no impact on the activity of the aircraft carrier battle group,” Vernet said.
Swedish Defense Minister Pal Jonson told public broadcaster SVT Thursday evening that the suspected violation of Swedish airspace by a drone happened in connection with a Russian military ship being in Swedish territorial waters. Asked what country he thinks the drone belongs to, he replied: “Probably Russia.”
The Russian ship continued into the Baltic Sea, and Swedish authorities have been in close contact with Denmark about the incident, Jonson said. The armed forces said no further drones were observed.
Western officials say Russia is masterminding a campaign of sabotage and disruption across Europe. An Associated Press database has documented well over 100 incidents.
Not all incidents are public and it can sometimes take officials months to establish a link to Moscow. While officials say the campaign — waged since President Vladimir Putin’s invasion of Ukraine in 2022 — aims to deprive Kyiv of support, they believe Moscow is also trying to identify Europe’s weak spots and suck up law enforcement resources.
Kremlin said it was ‘absurd’ to suggest drone jammed near French aircraft carrier was Russian.
The armed forces said on Thursday that a Swedish naval ship observed the suspected drone during a patrol in the Oresund, the strait that divides Sweden from Denmark.
They said that unspecified countermeasures were taken to disrupt the drone, and that contact with the drone was then lost.
The French nuclear-powered aircraft carrier Charles de Gaulle is in the southern Swedish city of Malmo this week as part of regular NATO exercise activities. Malmo is located on the Oresund, opposite the Danish capital of Copenhagen.
French military spokesperson Guillaume Vernet said that the drone was detected on Wednesday and handled by Swedish forces integrated into a security system around the carrier. He said Friday that the drone was more than 10 kilometers from the Charles de Gaulle.
“This system showed it is robust, and this event had no impact on the activity of the aircraft carrier battle group,” Vernet said.
Swedish Defense Minister Pal Jonson told public broadcaster SVT Thursday evening that the suspected violation of Swedish airspace by a drone happened in connection with a Russian military ship being in Swedish territorial waters. Asked what country he thinks the drone belongs to, he replied: “Probably Russia.”
The Russian ship continued into the Baltic Sea, and Swedish authorities have been in close contact with Denmark about the incident, Jonson said. The armed forces said no further drones were observed.
Western officials say Russia is masterminding a campaign of sabotage and disruption across Europe. An Associated Press database has documented well over 100 incidents.
Not all incidents are public and it can sometimes take officials months to establish a link to Moscow. While officials say the campaign — waged since President Vladimir Putin’s invasion of Ukraine in 2022 — aims to deprive Kyiv of support, they believe Moscow is also trying to identify Europe’s weak spots and suck up law enforcement resources.
Latest updates
© 2026 SAUDI RESEARCH & PUBLISHING COMPANY, All Rights Reserved And subject to Terms of Use Agreement.