Suspected Chinese hackers disproportionately targeted and breached government and government-linked organizations worldwide in recent attacks exploiting a Barracuda Email Security Gateway (ESG) zero-day, with a focus on entities across the Americas.
Almost a third of appliances hacked in this campaign belonged to government agencies, most of them between October and December 2022, according to a Mandiant report published today.
"Notably, among North American identified affected organizations, there were numerous state, provincial, county, tribal, city, and town offices that were targeted in this campaign," Mandiant said.
"While overall local government targeting comprises just under seven percent of all identified affected organizations, this statistic increases to nearly seventeen percent when compared to U.S.-based targeting alone."
The attacks' motivation was espionage, with the threat actor (tracked as UNC4841) engaging in targeted exfiltration from systems belonging to high-profile users in government and high-tech verticals.
On May 20, Barracuda warned customers that the vulnerability was being exploited to breach ESG appliances; the same day, it also patched all vulnerable devices remotely.
Ten days later, the company also revealed that the zero-day bug had been abused in attacks for at least seven months, since at least October 2022, to drop previously unknown malware and steal data from compromised systems.