Microsoft reveals Chinese hacking of critical US infrastructure

Microsoft headquarters in Redmond, Washington, in a file image. Ted S Warren (AP)

Microsoft sounded the alarm on Wednesday and warned of an attack by state-backed Chinese hackers on critical US communications infrastructure. Microsoft discovered this intrusion into its systems with the help of US intelligence agencies. The fact that some of the compromised systems were operating in Guam in the western Pacific, where the United States has an important base for possible support of Taiwan, only added to the concern.

The company shared its discovery in a detailed post with lines of code and plenty of information about the attack it suffered. Its explanations will allow other organizations to take precautions so that they do not become victims of this hacking campaign. “Microsoft has discovered stealthy and targeted malicious activity focused on post-breach credential access and network system discovery targeting critical infrastructure organizations in the United States,” the post begins. “The attack is being carried out by Volt Typhoon, a China-based state-sponsored actor typically focused on espionage and intelligence gathering,” it said.

Microsoft says it has “moderate confidence” that this Volt Typhoon campaign is pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and Asia in future crises. The intrusion was initially for espionage purposes only; no sabotage or other damage occurred.

The National Security Agency (NSA) has also released a 24-page report detailing the methods used by the group allegedly backed by the Chinese government. The report said security and intelligence agencies from the US, Australia, New Zealand and the UK were working on the investigation.

Secret operation

Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. Organizations impacted by this campaign span the communications, manufacturing, utilities, transportation, construction, shipping, government, information technology and education sectors. “The observed behavior indicates that the threat actor intends to engage in spying and keep access undetected for as long as possible,” Microsoft said.


To achieve their objective, the Volt Typhoon group placed great emphasis on stealth, relying almost exclusively on techniques that are very difficult to detect. According to Microsoft’s summary, group members issue commands from the command line to collect data, including credentials from local and network systems, write the data to an archive file to stage it for exfiltration, and then use the stolen valid credentials to maintain their access.

In addition, Volt Typhoon attempts to blend into normal network activity by routing traffic through compromised small office and home office (SOHO) network devices, including routers, firewalls and virtual private network (VPN) hardware. The group has also been observed using custom versions of open-source tools to establish a command-and-control channel through a proxy in order to remain stealthy, the post continues.
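The two paragraphs above describe a behaviour chain rather than a single malicious file: credential collection from the command line, staging the data into an archive, and then re-use of valid credentials, often from network locations that do not belong to the organization. The following Python script is an added example written for this article; it is not Microsoft's tooling and not code from the original post. It shows how a defender can correlate those stages in process-creation and logon telemetry. The log format, the sample log lines, the keyword watchlists and the "expected source" address ranges are all constructed assumptions for the example; a real deployment would take them from the organization's own EDR and identity logs.

```python
"""Toy detection logic for the behaviour chain described above: command-line
credential collection, staging into an archive, and re-use of valid credentials
from unexpected network locations.

Everything below (log format, sample lines, watchlists, address ranges) is
constructed for this example and is not taken from the article or from Microsoft.
"""
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample telemetry, one event per line:
#   timestamp|host|user|source_ip|event_type|detail
# "proc" events carry the command line; "logon" events carry the outcome.
SAMPLE_LOG = """\
2023-05-24T09:58:10|ws-17|alice|10.0.5.23|proc|cmd.exe /c reg save hklm\\sam C:\\Windows\\Temp\\s.hiv
2023-05-24T10:05:42|ws-17|alice|10.0.5.23|proc|7z a C:\\Windows\\Temp\\out.7z C:\\Windows\\Temp\\s.hiv
2023-05-24T11:20:00|dc-01|svc_backup|198.51.100.77|logon|success
2023-05-24T11:25:00|dc-01|bob|10.0.5.40|logon|success
2023-05-24T12:00:00|ws-22|carol|10.0.5.31|proc|notepad.exe readme.txt
"""

# Assumed watchlists (an analyst's own choice, not from the article): command-line
# fragments that suggest credential-store access, and fragments that suggest
# data being packed into an archive for staging.
CREDENTIAL_PATTERNS = [r"reg\s+save\s+hklm\\(sam|security|system)", r"ntds\.dit", r"lsass"]
ARCHIVE_PATTERNS = [r"^7z\s+a\b", r"\brar\s+a\b", r"Compress-Archive", r"^tar\s+-?c"]

# Assumed ranges from which successful logons are expected (corporate LAN and a
# VPN concentrator). Anything else is treated as an unexpected source.
EXPECTED_SOURCES = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("203.0.113.0/24")]

# How long after a credential-access command an archive command still counts as staging.
STAGING_WINDOW = timedelta(minutes=30)


def parse_log(text):
    """Parse the pipe-delimited sample format into event dicts sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, src, kind, detail = line.split("|", 5)
        events.append({"ts": datetime.fromisoformat(ts), "host": host, "user": user,
                       "src": ipaddress.ip_address(src), "kind": kind, "detail": detail})
    return sorted(events, key=lambda e: e["ts"])


def _matches(patterns, text):
    return any(re.search(p, text, re.IGNORECASE) for p in patterns)


def detect(events):
    """Return human-readable alerts for the two behaviours the article describes."""
    alerts = []

    # Stages 1 and 2: a credential-access command followed, on the same host and
    # within the staging window, by an archive command.
    pending = {}  # host -> timestamp of the most recent credential-access command
    for e in events:
        if e["kind"] != "proc":
            continue
        if _matches(CREDENTIAL_PATTERNS, e["detail"]):
            pending[e["host"]] = e["ts"]
        elif _matches(ARCHIVE_PATTERNS, e["detail"]):
            first = pending.get(e["host"])
            if first is not None and e["ts"] - first <= STAGING_WINDOW:
                alerts.append(f"{e['host']}: credential-access command at {first.time()} "
                              f"followed by archive staging at {e['ts'].time()}")
                del pending[e["host"]]

    # Stage 3: a valid account authenticating successfully from outside the
    # expected source ranges (for example via a compromised SOHO device).
    for e in events:
        if e["kind"] == "logon" and e["detail"] == "success" \
                and not any(e["src"] in net for net in EXPECTED_SOURCES):
            alerts.append(f"{e['host']}: successful logon for {e['user']} from {e['src']} "
                          f"outside expected source ranges")
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Neither rule is a signature for a particular tool: the first keys on the sequence of actions on one host, the second on a successful use of a legitimate account from an address the organization does not expect. Both are the kind of behavioural correlation needed when the actor, as the article notes, avoids malware and reuses valid credentials.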

As with any observed nation-state actor activity, Microsoft has directly notified affected or compromised customers and provided them with the critical information they need to protect their environments.
