The United States, its Western allies, and Microsoft have issued a warning, revealing that state-sponsored Chinese hackers have successfully infiltrated critical US infrastructure networks. They also cautioned that similar espionage attacks may be taking place worldwide.
China’s Foreign Ministry has called the allegations a “disinformation campaign.”
What did Microsoft Say?
Microsoft said the Guam territory in the Pacific Ocean, home to US military bases, was one of the targets. The tech giant said “malicious” activities had happened in other parts as well and that “mitigating this attack could be challenging.”
Microsoft analysts said they had “moderate confidence” a Chinese group, which it dubbed “Volt Typhoon,” was developing capabilities that could disrupt critical communications infrastructure between the US and Asia region during future crises.
Volt Typhoon’s attacks began in mid-2021 and appear to be aimed at undermining the US in the event of a regional conflict.
The affected organizations span various sectors, including communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education.
Which Countries have been Affected?
In a coordinated effort, US, Australian, Canadian, New Zealand, and UK authorities released an advisory stating that the cyber actor behind Volt Typhoon is backed by the Chinese government and that similar hacking activities are likely occurring on a global scale.
The advisory warned that the hacking operations impact critical infrastructure sectors in the US and cautioned that the same techniques could be employed against other sectors worldwide.
The US and allies emphasized that the hackers employed “living off the land” tactics, exploiting built-in network tools to blend in with normal Windows systems. These tactics allowed them to incorporate seemingly harmless system administration commands.
To mask their activities, the hackers routed their traffic through compromised small office and home office network equipment, such as routers, firewalls, and VPN hardware. Microsoft also noted the use of customized versions of open-source tools by the attackers.
In response to these threats, Microsoft and security agencies released guidelines to aid organizations in detecting and countering these cyber intrusions.
How Did China Respond?
China said the allegations from Microsoft and the US and its allies lacked solid proof.
“This is an extremely unprofessional report with a missing chain of evidence, this is just scissors-and-paste work,” Foreign Ministry spokeswoman Mao Ning said.
She said the claims were “a collective disinformation campaign” initiated by Washington.
Mao said the US itself was “a hacker empire” and “was expanding new channels for disseminating disinformation.”
John Hultquist, a chief analyst at US cybersecurity company Mandiant, said that while China and Russia have historically targeted critical infrastructure, Volt Typhoon provides new insights into Chinese hacking.
He described Chinese cyber threat actors as unique, as they have not frequently resorted to destructive and disruptive cyber attacks, making their capabilities less transparent. The disclosure of these activities presents a rare opportunity to investigate and prepare for this specific threat, he said.