Chinese group hacked critical US infrastructure, Microsoft warns

Featured Sponsor

Store	Link	Sample Product
UK Artful Impressions	Premiere Etsy Store

Microsoft has warned that a state-sponsored Chinese hacking group has compromised “critical” infrastructure in the United States in order to disrupt communications between the country and Asia in the event of a crisis.

In a rare announcement about a systems breach, the US technology group said the hackers, codenamed “Volt Typhoon”, have been operating since mid-2021. They were able to infiltrate organizations across all industries by exploiting vulnerabilities in a cyber security platform called FortiGuard, Microsoft said.

“In this campaign, organizations involved span communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education,” Microsoft said. He added that the hacking group’s actions had focused on intelligence gathering and espionage, rather than immediate disruption.

He added, “Microsoft assesses with moderate confidence that this Volt Typhoon campaign continues the development of capabilities that could disrupt critical communications infrastructure between the United States and the Asian region in future crises.”

Microsoft said it notified targeted or compromised customers and urged them to close or secure their accounts.

U.S. and international cybersecurity authorities issued a joint advisory opinion on Volt Typhoon on Wednesday that also warned of Chinese state-sponsored cyber threats.

Rob Joyce, Director of Cybersecurity for the US National Security Agency, said: “A state-sponsored actor in the PRC lives off the land, uses embedded network tools to evade our defenses, and doesn’t let no trace behind him. It is therefore imperative for us to work together to find and remove the actor from our critical networks.

“Living off the land” refers to cyberattacks that use legitimate tools already installed in a person’s devices to perform a hack, making them much harder to detect than traditional malware attacks that typically require only a victim downloads files.

John Hultquist, chief analyst at Mandiant Intelligence – a Google-owned cyber defense service – said the Volt Typhoon hack was “aggressive and potentially dangerous”.

“Chinese cyber threat actors are unique among their peers in that they do not routinely resort to destructive and disruptive cyber attacks. As a result, their ability is quite opaque. This disclosure is a rare opportunity to investigate and prepare for this threat,” he said.