- Western intelligence agencies and Microsoft claims that a state-sponsored Chinese hacking group has been spying on a wide range of U.S. critical infrastructure organizations.
- Microsoft said in a report, “Mitigating this attack could be challenging.”
- Analysts say this is one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure.
- It was not immediately clear how many organizations were affected, but the U.S. National Security Agency (NSA) said it was working with partners to identify breaches.
- New Zealand said it would work towards identifying any such malicious cyber activity in its country. Canada’s cybersecurity agency said it had no reports of Canadian victims of this hacking as yet.
Western intelligence agencies and Microsoft claims that a state-sponsored Chinese hacking group has been spying on a wide range of U.S. critical infrastructure organizations, from telecommunications to transportation hubs. The espionage has also targeted the U.S. island territory of Guam, home to strategically important American military bases.
Microsoft said in a report, “Mitigating this attack could be challenging.” While China and the United States routinely spy on each other, analysts say this is one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure.
The Chinese embassy in Washington did not immediately respond to the news agency’s request for comment.
It was not immediately clear how many organizations were affected, but the U.S. National Security Agency (NSA) said it was working with partners including Canada, New Zealand, Australia, and the UK, as well as the U.S. Federal Bureau of Investigation to identify breaches. Canada, the UK, Australia, and New Zealand warned they could be targeted by the hackers too.
Microsoft analysts said they had moderate confidence, that a Chinese group, dubbed as ‘Volt Typhoon’, was developing capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises. The Chinese activity is unique and worrying also because analysts don’t yet have enough visibility on what this group might be capable of.
As China has stepped up military and diplomatic pressure in its claim to democratically governed Taiwan, U.S. President Joe Biden has said he would be willing to use force to defend Taiwan. Security analysts expect Chinese hackers could target U.S. military networks and other critical infrastructure if China invades Taiwan.
The NSA and other Western cyber agencies urged companies that operate critical infrastructure to identify malicious activity using the technical guidance they issued. Microsoft said the Chinese hacking group has been active since at least 2021 and has targeted several industries including communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education. NSA cybersecurity director Rob Joyce said the Chinese campaign was using “built-in network tools to evade our defenses and leaving no trace behind. Such techniques are harder to detect as they use “capabilities already built into critical infrastructure environments,”.
Guam is home to U.S. military facilities that would be key to responding to any conflict in the Asia-Pacific region. It is also a major communications hub connecting Asia and Australia to the United States by multiple submarine cables.
New Zealand said it would work towards identifying any such malicious cyber activity in its country. Canada’s cybersecurity agency said it had no reports of Canadian victims of this hacking as yet.
(with inputs from agencies)
