Microsoft and Allies Reveal Chinese Espionage and Potential Disruption of Communication Infrastructure
State-backed Chinese hackers have breached critical infrastructure networks in the United States and allied Western nations, according to Microsoft and allied governments. The cyber-espionage campaign, attributed to a group Microsoft tracks as “Volt Typhoon,” has been active since mid-2021. Its apparent goals are long-term intelligence gathering and positioning that could be used to disrupt critical communications infrastructure during a future regional crisis. Guam, a strategic US territory, was singled out as a primary target, but malicious activity has also been found elsewhere in the United States. Affected sectors include communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education.
Global Advisory Warns of Chinese State-Sponsored Hacking Activities
Alongside Microsoft’s findings, the United States, Australia, Canada, New Zealand, and the United Kingdom jointly released an advisory stressing that the activity is not confined to one country. The agencies attribute the intrusions to a Chinese state-sponsored cyber actor, Volt Typhoon, and warn that the same techniques could be used against critical infrastructure sectors worldwide. The group relies on “living off the land” tactics: rather than dropping custom malware, it uses tools already present on Windows systems and native administration commands, so that its activity blends in with routine administrative work. Because the binaries involved are legitimate, the malicious use is hard to distinguish from normal use in logs, and detection has to rest on how the tools are invoked and by whom rather than on the tools themselves.
Techniques and Concealment Methods Employed by Volt Typhoon
Microsoft’s analysis describes several methods Volt Typhoon uses to conceal its activity. It routes its traffic through compromised small office and home office (SOHO) network equipment, such as routers, firewalls, and VPN appliances, so that connections to victims appear to originate from ordinary residential or small-business addresses rather than from attacker-owned infrastructure. It has also customized open-source tools for its own purposes. In response, Microsoft and the security agencies have published guidance, including indicators of compromise and hunting advice, to help organizations detect and counter this activity.
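The two sections above describe tradecraft that defeats binary-based detection: the group runs legitimate Windows tools and proxies through SOHO devices, so a defender has to look at how those tools are invoked. The following Python script is an added example, not code from Microsoft, the advisory, or this article, showing one way to do that. It scans process-creation records (in the shape of Windows Security 4688 or Sysmon Event ID 1 fields) and flags invocations of native tools whose arguments match patterns consistent with publicly reported Volt Typhoon activity, such as dumping the Active Directory database with ntdsutil, adding a netsh port proxy for relaying traffic, or running wmic against a remote node. The sample events, hostnames, user names, and the rule set are all constructed for illustration and are not an exhaustive signature set.

```python
"""Illustrative living-off-the-land detector over Windows process-creation events.

Added example: the rules below are derived from publicly reported command
patterns, but the event records, hosts, users and rule names are constructed.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    severity: str
    image: str      # regex applied to the executable's basename (case-insensitive)
    cmdline: str    # regex applied to the full command line (case-insensitive)


# Match on argument patterns, not just the binary: ntdsutil, netsh and wmic are
# legitimate tools, so flagging their mere presence would drown analysts in noise.
RULES = (
    Rule("ntds_dump_via_ntdsutil", "high", r"^ntdsutil\.exe$",
         r"\bifm\b.*\bcreate\s+full\b"),             # IFM export of ntds.dit
    Rule("netsh_portproxy_add", "high", r"^netsh\.exe$",
         r"\binterface\s+portproxy\s+add\b"),        # built-in TCP relay
    Rule("wmic_logicaldisk_recon", "medium", r"^wmic\.exe$",
         r"win32_logicaldisk\b"),                    # host/disk reconnaissance
    Rule("wmic_remote_process_create", "high", r"^wmic\.exe$",
         r"/node:\S+.*\bprocess\s+call\s+create\b"),  # lateral execution
)

# Extracts listenaddress=/listenport=/connectaddress=/connectport= pairs so the
# finding records where a port proxy forwards to.
PORTPROXY_ARG = re.compile(
    r"\b(listenaddress|listenport|connectaddress|connectport)=(\S+)", re.I)

# Constructed sample events (hypothetical hosts and users).
SAMPLE_EVENTS = [
    {"id": 1, "host": "dc01", "user": "CORP\\svc-backup",
     "image": r"C:\Windows\System32\ntdsutil.exe",
     "cmdline": r'ntdsutil.exe "ac i ntds" "ifm" "create full c:\windows\temp\pro" q q'},
    {"id": 2, "host": "ws17", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 "
                "listenport=9999 connectaddress=10.0.5.20 connectport=8443"},
    {"id": 3, "host": "ws17", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic path win32_logicaldisk get caption,filesystem,freespace,size,volumename"},
    {"id": 4, "host": "ws03", "user": "CORP\\helpdesk",
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh wlan show profiles"},          # benign netsh use: must not fire
    {"id": 5, "host": "ws03", "user": "CORP\\helpdesk",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c ipconfig /all"},          # ordinary admin command
    {"id": 6, "host": "ws17", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": 'wmic /node:10.0.5.21 process call create "cmd.exe /c whoami"'},
]


def _basename(path: str) -> str:
    """Last path component, accepting either separator."""
    return re.split(r"[\\/]", path)[-1]


def match_event(event: dict) -> list:
    """Return one finding per rule that matches this process-creation event."""
    findings = []
    name = _basename(event.get("image", ""))
    cmd = event.get("cmdline", "")
    for rule in RULES:
        if re.search(rule.image, name, re.I) and re.search(rule.cmdline, cmd, re.I):
            finding = {"id": event["id"], "host": event["host"], "user": event["user"],
                       "rule": rule.name, "severity": rule.severity}
            if rule.name == "netsh_portproxy_add":
                # Keep the relay endpoints so the analyst can pivot on them.
                finding["portproxy"] = {k.lower(): v for k, v in PORTPROXY_ARG.findall(cmd)}
            findings.append(finding)
    return findings


def scan(events: list) -> list:
    """Run every rule over every event, preserving event order."""
    return [f for event in events for f in match_event(event)]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

In a real deployment the event list would come from a SIEM or EDR export rather than an inline list, and the rule set would be tuned against a baseline of what the organization's own administrators actually run: the point of living off the land is that the same commands are legitimate in some hands, so the user, host, and timing of each hit matter as much as the pattern itself.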
Methodical Approach and Potential Consequences
Experts describe the Volt Typhoon campaign as patient and deliberate: the operators take their time to gain access and move through targeted networks while staying undetected. Once inside, they can steal sensitive information and, at a later stage, potentially carry out disruptive actions. China and Russia have both targeted critical infrastructure before, but Volt Typhoon stands out because Chinese state actors have traditionally limited themselves to espionage and avoided destructive or disruptive cyber attacks; pre-positioning for possible disruption would be a departure from that pattern.
Warnings and Responses from Security Authorities
Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), warned about Volt Typhoon and pointed to China’s use of sophisticated techniques to target critical infrastructure. The joint advisory is intended to give network defenders worldwide the information they need to detect and mitigate this activity.
China has not responded to the allegations, although it routinely denies involvement in state-sponsored cyber attacks and in turn frequently accuses the United States of cyber espionage.