A Chinese group hacked critical American infrastructure, Microsoft warns
Microsoft has warned that a state-backed Chinese hacking group has compromised “critical” US infrastructure, positioning itself to disrupt communications between the United States and Asia in the event of a crisis.
In a rare breach announcement, the US tech group said the hackers, which it tracks as “Volt Typhoon”, have been active since mid-2021. According to Microsoft, they gained initial access to organizations across industries by exploiting vulnerabilities in internet-facing Fortinet FortiGuard devices, a widely deployed security product.
“The organizations involved in this campaign span the communications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education sectors,” Microsoft said, adding that the group’s activity to date has focused on intelligence gathering and espionage rather than immediate disruption.
It added: “Microsoft has moderate confidence that this Volt Typhoon campaign seeks to develop capabilities that could disrupt critical communications infrastructure between the United States and the Asian region during future crises.”
Microsoft said it had notified customers who were targeted or compromised and advised them to close or secure the affected accounts.
U.S. and allied cybersecurity authorities issued a joint advisory on Wednesday about Volt Typhoon and the broader threat from Chinese state-sponsored actors.
Rob Joyce, director of cybersecurity at the US National Security Agency, said: “A Chinese state-sponsored actor lives off the land, uses built-in network tools to evade our defenses and leaves no trace. This makes it imperative that we work together to find and remove the actor from our critical networks.”
“Living off the land” refers to intrusions that rely on legitimate tools already present on the victim’s systems, such as built-in command-line utilities and administrative tools, rather than custom malware. Because no malicious file is introduced, such activity blends in with routine administration and is much harder to detect than traditional attacks that depend on dropping malware onto the target.
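Because living-off-the-land activity uses legitimate binaries, detection usually comes down to process-creation telemetry: which built-in tool ran, with what arguments, and which process launched it. The following is an added example, not code from the article or from Microsoft, NSA or any vendor, that scans constructed process-creation log lines (timestamp|host|user|parent_image|command_line, a format assumed here) for a handful of illustrative patterns: built-in port forwarding via netsh, remote execution via wmic, an Active Directory database export via ntdsutil, and a command shell spawned by a web-server process. The rules and the sample lines are assumptions chosen to show the technique; the article does not list the commands this group used.

```python
"""
Flag "living off the land" patterns in process-creation logs.

Added example: the log format, the sample lines and the rule set are all
constructed for illustration, not taken from the article or from any
vendor advisory.
"""
import re
from dataclasses import dataclass


@dataclass
class Alert:
    line_no: int
    rule: str
    user: str
    command: str


# Command-line rules over built-in Windows tools. Each pattern is an
# assumption chosen to illustrate commonly abused functionality.
RULES = [
    # netsh port forwarding: a built-in way to relay traffic through a host.
    ("netsh_portproxy", re.compile(r"\bnetsh\b.*\bportproxy\b.*\badd\b", re.I)),
    # wmic invoking a process on a remote node.
    ("wmic_remote_exec", re.compile(r"\bwmic\b.*/node:\S+.*\bprocess\b.*\bcall\b.*\bcreate\b", re.I)),
    # ntdsutil "install from media" export, which writes out the AD database.
    ("ntdsutil_dump", re.compile(r"\bntdsutil\b.*\bifm\b", re.I)),
]

# A shell whose parent is a web server is rarely legitimate administration.
WEB_SERVER_PARENTS = {"w3wp.exe", "httpd.exe", "nginx.exe"}
SHELL_RE = re.compile(r"(cmd|powershell)\.exe\b", re.I)

# Constructed sample log: one benign line, three suspicious ones, one benign.
SAMPLE_LOG = r"""2023-05-24T01:12:03Z|ws01|corp\jdoe|explorer.exe|ipconfig /all
2023-05-24T01:13:40Z|srv02|corp\svc_web|w3wp.exe|cmd.exe /c whoami
2023-05-24T01:15:09Z|srv02|corp\svc_web|cmd.exe|netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.0.7 connectport=443
2023-05-24T01:20:22Z|srv02|corp\svc_web|cmd.exe|wmic /node:dc01 process call create "cmd.exe /c ntdsutil \"ac i ntds\" ifm \"create full C:\Windows\Temp\x\" q q"
2023-05-24T02:00:00Z|ws01|corp\jdoe|explorer.exe|netsh interface show interface
"""


def parse_line(line: str):
    """Split one record into (timestamp, host, user, parent_image, command_line)."""
    ts, host, user, parent, cmd = line.split("|", 4)
    return ts, host, user, parent, cmd


def scan(log_text: str) -> list[Alert]:
    """Return one Alert per (line, rule) match, in log order."""
    alerts: list[Alert] = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        _ts, _host, user, parent, cmd = parse_line(line)
        for name, pattern in RULES:
            if pattern.search(cmd):
                alerts.append(Alert(n, name, user, cmd))
        if parent.lower() in WEB_SERVER_PARENTS and SHELL_RE.match(cmd):
            alerts.append(Alert(n, "shell_from_webserver", user, cmd))
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"line {a.line_no}: {a.rule} ({a.user}): {a.command}")
```

The point of the example is that every flagged command is a legitimate, signed Windows binary; nothing here would trip file-based antivirus. The rules only work if command-line arguments are actually recorded (for Windows Security event 4688 that means enabling the "Include command line in process creation events" policy, or collecting Sysmon process-creation events), and they should be treated as a starting point to be tuned against each environment's normal administrative usage.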
John Hultquist, senior analyst at Mandiant Intelligence, the Google-owned cybersecurity firm, said the Volt Typhoon intrusions were “aggressive and potentially dangerous.”
“China’s cyber threat actors are unique among their peers in that they have not routinely resorted to destructive and disruptive cyber attacks. As a result, their ability is rather opaque. This disclosure is a rare opportunity to investigate and prepare for this threat.”