The US, its Western allies, and Microsoft have issued a warning after discovering that state-sponsored Chinese hackers have successfully infiltrated critical US infrastructure networks. They also warned that similar espionage attacks could be taking place around the world.
The allegations have been described by China’s Foreign Ministry as a “disinformation campaign.”
What did Microsoft have to say?
Microsoft stated that one of the targets was the Pacific Ocean territory of Guam, which is home to US military bases. According to the tech giant, “malicious” activities had occurred in other areas as well, and “mitigating this attack could be challenging.”
Microsoft analysts expressed “moderate confidence” that a Chinese group dubbed “Volt Typhoon” was developing capabilities that could disrupt critical communications infrastructure between the United States and Asia during a future crisis.
Volt Typhoon activity began in mid-2021 and appears to be aimed at undermining the US in the event of a regional conflict.
The affected organizations span the communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education sectors.
Which countries were impacted?
Authorities in the United States, Australia, Canada, New Zealand, and the United Kingdom issued a joint advisory stating that the cyber actor behind Volt Typhoon is supported by the Chinese government and that similar hacking activities are likely occurring on a global scale.
The advisory warned that the hacking operations affect critical infrastructure sectors in the United States and that the same techniques could be used against other sectors around the world.
The United States and its allies emphasized that the hackers relied on “living off the land” tactics: rather than dropping custom malware that security products might flag, they used tools already built into Windows and the network, so their actions blended into normal system activity and looked like routine system administration commands.
To conceal the origin of their activity, the hackers routed their traffic through compromised small office and home office (SOHO) network equipment such as routers, firewalls, and VPN hardware, so that connections to targets appeared to come from ordinary residential and small-business addresses. The attackers also used customized versions of open-source tools, according to Microsoft.
In response to these threats, Microsoft and security organizations issued guidelines to help organizations detect and counter such intrusions, with an emphasis on spotting unusual use of legitimate built-in tools rather than looking for known malware.
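Because living-off-the-land activity uses legitimate binaries, detection has to focus on how and how often those binaries are invoked rather than on the binaries themselves. The following is an added illustration, not code from Microsoft or from the joint advisory: it scans a constructed set of Windows process-creation events (Security event 4688 style, flattened to one pipe-delimited line each) for a handful of commonly abused built-in tools, then flags only hosts where several distinct patterns cluster together, since a single admin using one of these commands is normal. The log format, hostnames, users, command lines and rule set are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample of Windows process-creation events (Security 4688 style),
# flattened to "timestamp|host|user|parent|image|commandline". Not real telemetry.
SAMPLE_EVENTS = r"""
2023-05-20T08:01:12|WS-014|CORP\alice|explorer.exe|C:\Windows\System32\cmd.exe|cmd.exe /c dir
2023-05-20T08:03:40|WS-014|CORP\alice|cmd.exe|C:\Windows\System32\netsh.exe|netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.0.5 connectport=3389
2023-05-20T08:05:02|DC-01|CORP\svc_backup|cmd.exe|C:\Windows\System32\ntdsutil.exe|ntdsutil "ac i ntds" "ifm" "create full C:\Temp\x" q q
2023-05-20T08:07:55|WS-014|CORP\alice|cmd.exe|C:\Windows\System32\wbem\WMIC.exe|wmic /node:10.0.0.7 process call create "cmd.exe /c whoami"
2023-05-20T08:09:13|WS-014|CORP\alice|explorer.exe|C:\Windows\System32\notepad.exe|notepad.exe notes.txt
2023-05-20T08:10:20|WS-022|CORP\bob|explorer.exe|C:\Program Files\Office\WINWORD.EXE|WINWORD.EXE report.docx
"""

# Assumed rule set: built-in Windows tools with argument patterns that are rare
# in day-to-day administration but useful to an intruder living off the land.
LOLBIN_RULES = [
    ("netsh portproxy add (built-in port forwarder)",
     re.compile(r"\bnetsh(\.exe)?\b.*\bportproxy\b.*\badd\b", re.I)),
    ("ntdsutil IFM (offline copy of the AD database)",
     re.compile(r"\bntdsutil(\.exe)?\b.*\bifm\b", re.I)),
    ("wmic remote process creation",
     re.compile(r"\bwmic(\.exe)?\b.*/node:.*\bprocess\b.*\bcall\b.*\bcreate\b", re.I)),
    ("powershell encoded command",
     re.compile(r"\bpowershell(\.exe)?\b.*\s-(e|ec|enc|encodedcommand)\s", re.I)),
]


def parse_events(text):
    """Turn the pipe-delimited sample into a list of event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, host, user, parent, image, cmdline = line.split("|", 5)
        events.append({"ts": ts, "host": host, "user": user,
                       "parent": parent, "image": image, "cmdline": cmdline})
    return events


def detect_lotl(events):
    """Return one hit per (event, rule) whose command line matches a rule."""
    hits = []
    for ev in events:
        for name, rx in LOLBIN_RULES:
            if rx.search(ev["cmdline"]):
                hits.append({"ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                             "rule": name, "cmdline": ev["cmdline"]})
    return hits


def suspicious_hosts(hits, min_distinct_rules=2):
    """Hosts where several *different* built-in tools were abused.

    A single netsh or wmic invocation is routine; a host that trips two or
    more distinct rules in the same window deserves an analyst's attention.
    """
    rules_by_host = defaultdict(set)
    for h in hits:
        rules_by_host[h["host"]].add(h["rule"])
    return {host for host, rules in rules_by_host.items()
            if len(rules) >= min_distinct_rules}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    found = detect_lotl(evs)
    for h in found:
        print(f'{h["ts"]} {h["host"]} {h["user"]}: {h["rule"]}\n    {h["cmdline"]}')
    print("hosts to triage:", sorted(suspicious_hosts(found)))
```

Run as-is, the script flags the netsh, ntdsutil and wmic lines and names only WS-014 for triage, because DC-01 tripped just one rule. In practice the rule list would be tuned against a baseline of what each host's administrators normally run, and the per-host clustering would be scoped to a time window; the point is that the signal comes from unusual arguments and combinations of legitimate tools, not from a malicious file hash.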
How did China react?
China claimed that the allegations made by Microsoft and the US and its allies lacked solid evidence.
“This is an extremely unprofessional report with a missing chain of evidence, this is just scissors-and-paste work,” said Foreign Ministry spokeswoman Mao Ning.
She called the allegations “a collective disinformation campaign” launched by Washington.
According to Mao, the United States is a “hacker empire” that is “expanding new channels for disinformation dissemination.”
While China and Russia have historically targeted critical infrastructure, according to John Hultquist, chief analyst at US cybersecurity firm Mandiant, Volt Typhoon provides new insights into Chinese hacking.
He characterized Chinese cyber threat actors as distinct because they have rarely carried out destructive or disruptive cyber attacks, which has made their capabilities in that area less visible.
According to him, the disclosure of these activities provides a once-in-a-lifetime opportunity to investigate and prepare for this specific threat.