Chinese hackers are spying on critical US infrastructure, western intelligence agencies say – Portal

May 24 (Portal) – A state-sponsored Chinese hacker group has been spying on a variety of key US infrastructure organizations, from telecommunications to transportation hubs, Western intelligence agencies and Microsoft (MSFT.O) said on Wednesday.

The espionage also targeted the US island territory of Guam, where strategically important American military bases are located, Microsoft said in a report, adding that “containing this attack could pose a challenge.”

While China and the United States routinely spy on each other, analysts say this is one of the largest known Chinese cyber-espionage campaigns targeting American critical infrastructure.

The Chinese embassy in Washington did not immediately respond to a Portal request for comment.

It wasn’t immediately clear how many organizations were affected, but the US National Security Agency (NSA) said it was working with partners including Canada, New Zealand, Australia and the UK, as well as the US Federal Bureau of Investigation, to identify breaches. Canada, Great Britain, Australia and New Zealand warned that they could also be targeted by the hackers.

Microsoft analysts said they have “moderate confidence” that this Chinese group, which they dubbed “Volt Typhoon,” is developing capabilities that could disrupt critical communications infrastructure between the United States and the Asia region in future crises.

“That means they’re preparing for that possibility,” added John Hultquist, who leads threat intelligence at Google’s Mandiant Intelligence.

The Chinese activity is unique and worrying in part because analysts do not yet have enough insight into this group's capabilities, he added.

“Due to the geopolitical situation, there is a greater interest in this player.”

As China has increased military and diplomatic pressure in its claim to democratically ruled Taiwan, US President Joe Biden has said he is ready to use force to defend Taiwan.

Security analysts believe Chinese hackers could target US military networks and other critical infrastructure if China invades Taiwan.

The NSA and other western cyber agencies have urged companies operating critical infrastructure to use the technical guidance they issue to detect malicious activity.

“It is vital that operators of critical national infrastructure take steps to prevent attackers from hiding on their systems,” said Paul Chichester, director of the UK’s National Cyber Security Centre, in a joint statement with the NSA.

Microsoft said the Chinese hacking group has been active since at least 2021 and has targeted multiple industries, including communications, manufacturing, utilities, transportation, construction, shipping, government, information technology and education.

NSA cybersecurity director Rob Joyce said the Chinese campaign was using “built-in network tools to bypass our defenses and leave no trace”. Such techniques are harder to spot because they “use capabilities that are already built into critical infrastructure environments,” he added.

Unlike traditional hacking techniques, which often involve tricking a victim into downloading malicious files, Microsoft says this group infects a victim’s existing systems to find information and extract data.

Guam is home to US military installations that would be critical to responding to a conflict in the Asia-Pacific region.

New Zealand said it will work to identify such activity in its country.

“It is important to the national security of our country that we are transparent and open to Australians about the threats we face,” said Australian Home and Cybersecurity Secretary Clare O’Neil.

Canada’s cybersecurity agency said it had no reports of Canadian victims of this hack. “However, the Western economies are deeply interconnected,” it said. “Much of our infrastructure is tightly interconnected, and an attack on one can impact the other.”

Reporting by Chavi Mehta in Bengaluru; Edited by Anil D’Silva

Christopher Bing

Thomson Portal
