State-backed Chinese hackers may be laying the groundwork for disruption, Microsoft says
BOSTON: State-backed Chinese hackers have been targeting critical U.S. infrastructure and could lay the technological groundwork for a potential disruption of critical communications between the U.S. and Asia during future crises, Microsoft said on Wednesday.
The company said the targets included sites in Guam, where the U.S. has a significant military presence.
Hostile activity in cyberspace—from espionage to advanced targeting of malware for potential future attacks—has become a hallmark of modern geopolitical competition.
The state-sponsored hacking group Volt Typhoon has been active since mid-2021, Microsoft said in a blog post. It said the hacking, which seeks persistent access, affected organizations in the communications, manufacturing, utilities, transport, construction, maritime, information technology and education sectors.
Separately, the NSA, FBI, Cybersecurity and Infrastructure Security Agency (CISA), and counterparts from Australia, New Zealand, Canada, and the United Kingdom released a joint advisory sharing technical details on a “series of recently uncovered activities.”
A Microsoft spokesman would not say why the software giant was making the announcement now or whether it had recently seen an increase in attacks targeting critical infrastructure in Guam or nearby U.S. military installations, including a major air force base.
John Hultquist, principal analyst at Google’s Mandiant cybersecurity intelligence unit, called Microsoft’s announcement “potentially a very important finding.”
“We don’t see a lot of this kind of probing from China. It’s rare,” Hultquist said. “We know a lot about the cyber capabilities of Russia, North Korea, and Iran because they do it so often.” He added that China generally does not use such tools, which could serve not just for intelligence gathering but for seeding attack malware that provides destructive capabilities in an armed conflict.
Microsoft said the intrusion had “a strong emphasis on stealth” and attempted to blend into normal network activity by compromising small office network devices, including routers. It said intruders gained initial access through internet-facing Fortiguard appliances, which are designed to use machine learning to detect malware.
Fortinet, the maker of the Fortiguard appliance, did not immediately respond to an email seeking more details.
“For years, China has been actively conducting cyber operations to steal intellectual property and sensitive data from organizations around the globe,” CISA Director Jen Easterly said, urging mitigation of affected networks to prevent possible disruptions. Bryan Vorndran, assistant director of the FBI’s cyber division, called the intrusions “an unacceptable tactic” in the same statement.
Tensions between Washington and Beijing – which the U.S. national security establishment views as its main military, economic and strategic rival – have been rising in recent months.
Tensions rose last year after then-House Speaker Nancy Pelosi visited democratically run Taiwan, prompting China, which claims the island as its territory, to launch military exercises around the island.
Tensions between the U.S. and China rose further earlier this year after the U.S. shot down a Chinese spy balloon that was flying over the United States.