US Critical Infrastructure Hacked, Chinese Gov’t-Backed Group Blamed
By Staff, Agencies
The United States and its cybersecurity allies blame a Chinese government-backed hacking group for spying on critical US infrastructure organizations, including those in the island territory of Guam, which is home to strategic military bases.
Microsoft and Western intelligence agencies said in separate reports on Wednesday that hackers had managed to insert computer code that blended into Microsoft Windows systems and evaded detection while maintaining access and gathering information.
In a separate statement, Microsoft said a state-sponsored Chinese hacking group, dubbed 'Volt Typhoon', had carried out the hack.
The group, it said, targeted organizations from telecommunications to transportation hubs, Western intelligence agencies and Microsoft itself, as well as the crucial US military outpost of Guam in the Pacific Ocean.
Guam is a major communications hub connecting Asia and Australia to the United States by multiple submarine cables.
“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the tech company said.
It added, “Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.”
Microsoft analysts said they had "moderate confidence" this group was developing capabilities that could disrupt critical communications infrastructure between the United States and the Asia region in any future crisis.
"It means they are preparing for that possibility," added John Hultquist, who heads threat analysis at Google's Mandiant Intelligence.
Hultquist said the Chinese activity is both unique and worrying because analysts don't yet have enough visibility into what this group might be capable of.
“There is greater interest in this actor because of the geopolitical situation,” he noted.
Security analysts warned that the hackers could target US military networks and other critical infrastructure if China attacks Chinese Taipei [Taiwan].
It was not immediately clear how many organizations were affected, or what information may have been gleaned.
The cyberattack approach is called “living off the land,” and sees hackers using “built-in network tools to evade our defenses and leaving no trace behind,” said Rob Joyce, NSA cybersecurity director.
Canada, the UK, Australia and New Zealand warned they could be targeted by the hackers too.
Canada’s cybersecurity agency, however, said separately that it had had no reports of Canadian victims of the hacking as yet.
“However, Western economies are deeply interconnected,” it added.
The UK similarly warned the techniques used by the Chinese hackers on US networks could be applied worldwide.
China has yet to respond to the allegations.
Meanwhile, China has already branded the US as the “biggest threat to global cybersecurity,” saying that Washington “knowingly abuses technology” for spying and a range of other purposes.
The United States is seeking to preserve “hegemony in cyberspace” under the false pretext of “national security,” Chinese Foreign Ministry spokesperson Mao Ning told reporters back in April, urging the US to “stop its global hacking operations.”
The rivalry between the US and China has intensified in recent years, with Beijing’s growing international clout and rapid economic progress emerging as a viable counter-weight to the US.