
On Wednesday, Microsoft issued a warning, stating that state-sponsored hackers from China have successfully breached “critical” cyber infrastructure in the United States, affecting multiple industries. The primary objective of these cyberattacks is to gather intelligence.
According to a recent advisory by Microsoft, a Chinese hacking group known as “Volt Typhoon” has been active since mid-2021. The group’s primary focus appears to be disrupting the “critical communications infrastructure” connecting the United States and Asia. Microsoft suggests that these actions are aimed at impeding efforts during potential future crises.
On Wednesday, the National Security Agency (NSA) issued a bulletin outlining the mechanics of the hack and providing guidance on how cybersecurity teams should respond. It is important to note that the attack is still ongoing. In its advisory, Microsoft urged affected customers to take immediate action by either closing or changing credentials for all compromised accounts. The incursion was brought to the attention of U.S. intelligence agencies in February, coinciding with the downing of a Chinese spy balloon, as reported by The New York Times.
During a briefing held in Beijing on Thursday, a spokesperson from China’s Ministry of Foreign Affairs refuted the report and advisories, dismissing them as being “filled with disinformation.” The spokesperson further asserted that the United States is the primary perpetrator of hacking activities. Additionally, the spokesperson claimed that the report was part of a concerted campaign orchestrated by the Five Eyes intelligence-sharing alliance, comprising agencies from Australia, Canada, New Zealand, the United Kingdom, and the United States.
According to The New York Times, the cyber infiltration specifically targeted communications infrastructure located in Guam and other regions of the United States. The concerning aspect for U.S. intelligence is that Guam serves as a crucial center for American military response in the event of a potential invasion of Taiwan.
Microsoft revealed that the hacking group known as Volt Typhoon employs an undisclosed vulnerability in a widely used cybersecurity suite called FortiGuard to infiltrate targeted organizations. Once inside a corporate system, the group proceeds to extract user credentials from the security suite. These stolen credentials are then leveraged in attempts to gain unauthorized access to other corporate systems.
According to Microsoft, the state-sponsored hackers are not currently aiming to cause immediate disruption. Their primary objective is to engage in espionage activities and maintain undetected access for an extended duration. The impact of their actions has been observed across numerous critical sectors, including communications, transportation, maritime, and government organizations.
In previous instances, Chinese government-supported hackers have successfully targeted crucial and sensitive data from American companies. One notable incident occurred in 2020, when suspected Chinese state-sponsored hackers breached Covington & Burling, a prominent law firm. In a Thursday editorial, however, the Chinese state-backed publication China Daily dismissed Microsoft’s analysis and the warnings issued by the intelligence community as “political propaganda.”
In collaboration with both international and domestic intelligence services, the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint statement emphasizing the ongoing threat posed by Chinese cyberattacks to American intellectual property. CISA Director Jen Easterly stated, “China has persistently engaged in aggressive cyber operations aimed at stealing intellectual property and sensitive data from organizations worldwide for several years.” The statement highlights the need for increased vigilance and cybersecurity measures to counter these persistent threats.