Microsoft, US say Chinese hackers attacked ‘critical’ infrastructure

State-sponsored Chinese hackers have infiltrated critical US infrastructure networks, the United States, its Western allies and Microsoft said on Wednesday, warning that similar espionage attacks could happen on a global scale.

Microsoft highlighted Guam, a US territory in the Pacific Ocean with a significant military outpost, as a target, but said “malicious” activity was also found elsewhere in the United States.

It said the hacking, dubbed “Volt Typhoon”, began in mid-2021 and was aimed at disrupting the United States should there be conflict in the region.

“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during a future crisis,” the statement said.

“In this campaign, the affected organizations are spread across the communications, construction, utility, transportation, construction, maritime, government, information technology and education sectors.

“The observed behavior suggests that the threat actor intends to conduct espionage and maintain undetected access for as long as possible.”

Microsoft’s statement coincides with an advisory issued by the US, Australian, Canadian, New Zealand and UK authorities.

They said that a “state-sponsored cyber actor” from China was behind Volt Typhoon and that the hacking was likely happening globally.

“This activity affects networks in critical infrastructure areas of the US, and authoring agencies believe the actor may be deploying similar techniques against these and other areas,” the advisory said.

The United States and its allies said the activities included a “living off the land” strategy, which takes advantage of built-in network tools to blend in with normal Windows systems.

It warned that the hacking could then involve legitimate system administration commands that appear “benign”.

– ‘Highly sophisticated’ –

Microsoft said that Volt Typhoon attempted to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls and VPN hardware.

“They have also been observed using custom versions of open-source tools,” Microsoft said.

Microsoft and security agencies released guidelines for organizations on how to detect and combat the hacking.

Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, also issued a warning related to Volt Typhoon.

“For years, China has waged campaigns around the world to steal intellectual property and sensitive data from critical infrastructure organizations around the world,” Easterly said.

“Today’s advisory, combined with that of our US and international partners, demonstrates how China is using highly sophisticated means to target our nation’s critical infrastructure.

“This joint advisory will give network defenders more insight into how best to detect and mitigate this malicious activity.”

China did not immediately react to the allegations. But it routinely denies conducting state-sponsored cyberattacks.

In turn, China routinely accuses the United States of cyber espionage.

While China and Russia have long targeted critical infrastructure, Volt Typhoon provided new insight into Chinese hacking, according to John Hultquist, principal analyst at US cybersecurity company Mandiant.

“Chinese cyber threat actors are unique among their peers in that they have not routinely resorted to destructive and disruptive cyber attacks,” he said.

“As a result, their capabilities are fairly opaque. This disclosure is a rare opportunity to investigate and prepare for this threat.”

