by Micaela Burrow
A shadowy Chinese government-backed hacking group attacked critical U.S. networks, including in Guam, where it may have spied on the U.S. to gain an edge ahead of future crises, according to a Microsoft report and U.S. government advisory.
Microsoft said the organization, dubbed “Volt Typhoon,” has been active since 2021 to break into so-called “critical infrastructure” in Guam and other U.S. sites with the intent to secure long-term hidden access to networks and conduct espionage, according to a report published Wednesday. While targets spanned the U.S., Microsoft highlighted infiltration of national security-specific infrastructure in Guam, an important U.S. territory and military outpost in the Pacific that would likely serve as the front-line of U.S. defenses in the event of a conflict over Taiwan.
“This Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” Microsoft wrote. “Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.”
China is known to spy on sensitive U.S. defense sites. Earlier in 2023, the Department of Defense revealed China has coordinated regular spy balloon flights over Guam and Hawaii.
Volt Typhoon’s methods of intrusion are particularly difficult to detect because the techniques used replicate legitimate network activity and take advantage of poorly-guarded home or office routers. The hackers spied on U.S. communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education sectors, according to Microsoft.
The National Security Agency issued a joint advisory the same day with counterparts from New Zealand and Australia to governments and private sector entities, warning that other sectors worldwide could fall prey to the hackers. The notice provided instructions on how to bolster defenses against Volt Typhoon and detect signs of infiltration.
🚨With our partners @NSACyber, @FBI, @CyberGovAu, @Cybercentre_ca, @NCSC, & NCSC New Zealand, we urge all organizations—especially critical infrastructure owners & operators—to read this Joint Advisory & mitigate your risk to PRC malicious cyber activity: https://t.co/QEYRBdfdw8 pic.twitter.com/utE21CFSmL
— Jen Easterly🛡️ (@CISAJen) May 24, 2023
“We recognize the actor from a series of intrusions that have targeted air, maritime and land transportation targets, as well as other organizations,” John Hultquist, chief analyst at Google’s Mandiant Intelligence, told The Washington Post. “There are a variety of reasons actors target critical infrastructure, but a persistent focus on these sectors may indicate preparation for disruptive or destructive cyberattack.”
In response to the advisory, China on Thursday accused the U.S. of waging a “disinformation campaign” and hypocritically singling out Beijing when U.S. cyber forces also seek to penetrate and maintain a foothold in adversaries’ networks.
“We noted this extremely unprofessional report – a patchwork with a broken chain of evidence,” Foreign Ministry spokesperson Mao Ning said.
– – –
Micaela Burrow is a reporter at Daily Caller News Foundation.