US, Microsoft warn Chinese hackers attacking 'critical' infrastructure 

Microsoft has warned state-sponsored Chinese hackers have infiltrated critical US infrastructure. Photo: Josep LAGO / AFP/File
Source: AFP

State-sponsored Chinese hackers have infiltrated critical US infrastructure networks, the United States, its Western allies and Microsoft said Wednesday while warning that similar espionage attacks could be occurring globally.

Microsoft highlighted Guam, a US territory in the Pacific Ocean with a vital military outpost, as one of the targets, but said "malicious" activity had also been detected elsewhere in the United States.

It said the hacking, dubbed "Volt Typhoon", had started in mid-2021 and was likely aimed at hampering the United States if there was conflict in the region.

"Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the statement said.

"In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

"Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible."

The US territory of Guam plays host to a critically important military base. Photo: Conner D. BLAKE / US NAVY/AFP
Source: AFP

Microsoft's statement coincided with an advisory released by US, Australian, Canadian, New Zealand and UK authorities.

They said a "state-sponsored cyber actor" from China was behind Volt Typhoon and that the hacking was likely occurring globally.

"This activity affects networks across US critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide," the advisory said.

The United States and its allies said the activities involved "living off the land" tactics, which take advantage of built-in network tools to blend in with normal Windows systems.

It warned that the hacking could then incorporate legitimate system administration commands that appear "benign".

'Highly sophisticated'

Microsoft said Volt Typhoon tried to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls and VPN hardware.

"They have also been observed using custom versions of open-source tools," Microsoft said.

Microsoft and the security agencies released guidelines for organisations to try and detect and counter the hacking.

The director of the US Cybersecurity and Infrastructure Security Agency, Jen Easterly, also released a warning related to Volt Typhoon.

"For years, China has conducted operations worldwide to steal intellectual property and sensitive data from critical infrastructure organizations around the globe," Easterly said.

"Today's advisory, put out in conjunction with our US and international partners, reflects how China is using highly sophisticated means to target our nation's critical infrastructure.

"This joint advisory will give network defenders more insights into how to detect and mitigate this malicious activity."

China offered no immediate response to the allegations. But it routinely denies carrying out state-sponsored cyber attacks.

China in turn regularly accuses the United States of cyber espionage.

While China and Russia have long targeted critical infrastructure, Volt Typhoon offered new insights into Chinese hacking, according to John Hultquist, chief analyst at US cybersecurity company Mandiant.

"Chinese cyberthreat actors are unique among their peers in that they have not regularly resorted to destructive and disruptive cyberattacks," he said.

"As a result, their capability is quite opaque. This disclosure is a rare opportunity to investigate and prepare for this threat."

Source: AFP

Authors: AFP
