Chinese corporation hacked critical US infrastructure, Microsoft warns – Financial Times

Microsoft has warned that a state-sponsored Chinese hacker group has compromised “critical” infrastructure in the US in a bid to disrupt communications between the country and Asia in the event of a crisis.

In a rare announcement of a system breach, the US tech giant said the hackers, codenamed “Volt Typhoon,” had been in action since mid-2021. They have been able to infiltrate companies across all industries by exploiting vulnerabilities in a popular cyber security platform called FortiGuard, Microsoft said.

“In this campaign, affected organizations span communications, manufacturing, utilities, transportation, construction, shipping, government, information technology and education,” Microsoft said. It added that the hacking group’s actions focused on intelligence gathering and espionage, rather than immediate disruption.

It added, “Microsoft is moderately confident that this Volt Typhoon campaign seeks to develop capabilities that could disrupt critical communications infrastructure between the United States and the Asia region in future crises.”

Microsoft said it notified targeted or compromised customers, asking them to close or secure their accounts.

U.S. and international cyber security agencies issued a joint Volt Typhoon Alert on Wednesday, which also warned of state-sponsored cyber threats facing China.

Rob Joyce, director of cybersecurity at the US National Security Agency, said: “A state-sponsored actor from the People’s Republic of China lives off the land, uses built-in network tools to evade our defenses and leaves no trace. That’s why it’s essential for us to work together to find the actor and remove him from our critical networks.”

“Living off the land” refers to cyber attacks that use legitimate tools already installed on a person’s devices to perform a hack. This makes detection far more difficult than traditional malware attacks, where the victim typically downloads files.

John Hultquist, chief analyst at Mandiant Intelligence — a cyber defense service owned by Google — said the Volt Typhoon hack was “aggressive and potentially dangerous.”

“Chinese cyber threat actors are unique compared to their peers in that they have not regularly resorted to destructive and disruptive cyber attacks. As such, their performance is quite opaque. This disclosure is a rare opportunity to investigate and prepare for this threat.”