Microsoft has spotted a Chinese state-sponsored hacker group called ‘Volt Typhoon’ targeting critical infrastructure organizations in the United States.
On Wednesday, the tech giant said with ‘moderate confidence’ that the hacking campaign was pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.
The espionage has also targeted the US island territory of Guam, home to strategically important American military bases, said the report, adding that ‘mitigating this attack could be challenging’. Guam is also a major communications hub connecting Asia and Australia to the United States by multiple submarine cables.
While China and the United States routinely spy on each other, analysts say this is one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure.
Chinese foreign ministry spokesperson Mao Ning said on Thursday the hacking allegations were a ‘collective disinformation campaign’ from the Five Eyes countries, a reference to the intelligence-sharing alliance made up of the United States, Canada, New Zealand, Australia and the UK.
Mao said the campaign was launched by the US for geopolitical reasons and that the report from Microsoft analysts showed that the US government was expanding its channels of disinformation beyond government agencies.
‘But no matter what varied methods are used, none of this can change the fact that the United States is the empire of hacking,’ she told a press briefing in Beijing.
It was not immediately clear how many organizations were affected, but the US National Security Agency (NSA) said it was working with its partners and the FBI to identify breaches. Canada, the UK, Australia and New Zealand warned they could be targeted by the hackers too.
China has stepped up military and diplomatic pressure in its claim to democratically governed Taiwan after US President Joe Biden said he would be willing to use force to defend Taiwan.
Security analysts expect Chinese hackers could target US military networks and other critical infrastructure if China invades Taiwan.
The UK’s National Cyber Security Centre – a part of GCHQ – issued a new joint advisory on how the same techniques could be applied worldwide.
‘It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems,’ Paul Chichester, director at the UK’s National Cyber Security Centre, said in a joint statement with the NSA.
Microsoft said the Chinese hacking group has been active since at least 2021 and has targeted several industries including communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education.
NSA cybersecurity director Rob Joyce said the Chinese campaign was using ‘built-in network tools to evade our defenses and leaving no trace behind’. Such techniques are harder to detect as they use ‘capabilities already built into critical infrastructure environments,’ he added.
Unlike traditional hacking techniques, which often involve tricking a victim into downloading malicious files, Microsoft said this group works from within a victim’s existing systems, using the tools already present there to find information and extract data.
‘This attack is particularly complex and difficult to identify as it involves multiple compromises and tools. The US DoD, UK’s NCSC, and UK MoD are already working with ethical hackers, with the US DoD having fixed over 45,000 vulnerabilities as a result,’ said Shlomie Liberow, Head of Hacker Research and Development at HackerOne.