Hackers sponsored by the Chinese state have been attacking critical US infrastructure and may be laying the technical groundwork to disrupt vital communications between the United States and Asia during future crises, Microsoft said Wednesday.
The targets include facilities on Guam, where the United States has a significant military presence, the company said.
Hostile activity in cyberspace—from espionage to pre-positioning malware for possible future attacks—has become a hallmark of modern geopolitical rivalry.
Microsoft said in a blog post that the state-backed hacking group, which it calls Volt Typhoon, has been operating since mid-2021. The company added that the organizations affected by the intrusions, which aim at persistent access rather than immediate damage, span the telecommunications, manufacturing, utilities, transportation, construction, maritime, information technology, and education sectors.
Among the targets is critical infrastructure on Guam, a major US military enclave in the Pacific. “Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises,” the company said.
“Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible,” the company stated.
Guam, a US territory since 1898, is strategically located in the western Pacific. It hosts a naval base and an air base, some 6,000 troops are deployed there, and the military controls about 40% of the island.
Separately, the National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency, and their counterparts in Australia, New Zealand, Canada, and the United Kingdom released a joint advisory sharing technical details about “the recently discovered cluster of activity.”
They warned that similar activities could be occurring globally.
The agencies added in the advisory that the espionage activity can camouflage itself within Windows systems by relying on the tools those systems already provide, making it hard to distinguish from legitimate administration.
A Microsoft spokesperson declined to say why the company made the announcement at this time, or whether it has seen a recent spike in attacks on vital infrastructure on Guam or on nearby US military installations in the region, including a major Air Force base.
John Hultquist, chief analyst for Google’s Mandiant cybersecurity intelligence operation, said Microsoft’s announcement was “possibly a really important find”.
“We don’t see many of these types of reports from China; they are unusual,” he said. “We know a lot about the cyber capabilities of Russia and North Korea and Iran because they have been doing this on a regular basis.” China has generally refrained from using the kind of tools that can be used to plant not only intelligence-gathering capabilities, but also malware for damaging attacks during armed conflict, he noted.
The National Security Agency (NSA) also confirmed the Chinese intrusion on Wednesday. “A China-sponsored actor is living off the land, using tools built into networks to evade our defenses and leave no trace behind,” said Rob Joyce, the NSA’s director of cybersecurity.
The director of the United States Cybersecurity and Infrastructure Security Agency, Jen Easterly, also published a warning related to Volt Typhoon. “For years, China has conducted operations around the world to steal intellectual property and sensitive data from critical infrastructure organizations across the globe.”
“Today’s advisory, published in collaboration with our US and international partners, reflects how China is using highly sophisticated means to target our nation’s critical infrastructure.”
Microsoft said the intrusion campaign had “a strong emphasis on stealth” and attempted to blend in with normal network activity by routing its traffic through compromised small office and home office network equipment, including routers. It said the intruders initially gained access through internet-facing Fortinet FortiGuard devices, which are designed to use machine learning to detect malware.
For its part, China on Thursday accused the United States and its Western allies of carrying out a disinformation campaign. “It is clear that this is a collective disinformation campaign,” said Mao Ning, a spokesperson for the Foreign Ministry.
(With information from AFP, EFE, AP)