



A state-sponsored Chinese hacking group has spied on a wide range of US critical infrastructure organizations and similar activity could be happening around the world, Western intelligence agencies and Microsoft have warned.

"U.S. and international cybersecurity authorities are issuing this Joint Cybersecurity Advisory (CSA) to highlight a recently discovered group of activities of interest associated with a state-sponsored cyber actor from the People’s Republic of China (PRC), also known as Volt Typhoon," said a statement released by authorities in the United States, Australia, Canada, New Zealand and the United Kingdom, the countries that make up the Five Eyes intelligence network.

In a separate statement, Microsoft said Volt Typhoon had been active since mid-2021 and had targeted critical infrastructure in Guam, a crucial US military outpost in the Pacific Ocean. Mitigating this attack could be difficult, Microsoft said.

While Chinese hackers are known to spy on Western countries, this is one of the biggest known cyber espionage campaigns against US critical infrastructure.

Microsoft assesses with moderate confidence that this Volt Typhoon campaign continues the development of capabilities that could disrupt critical communications infrastructure between the United States and the Asian region in future crises, the technology company said.

In this campaign, the organizations involved span the communications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education sectors.

The observed behavior suggests that the threat actor intends to eavesdrop and maintain access undetected for as long as possible.

US and Western security agencies warned in their advisory that the activities involved "living off the land" tactics, which take advantage of built-in network tools to blend in with normal Windows systems.

The advisory warned that the hack could then incorporate legitimate system administration commands that appear benign.

The Chinese Embassy in Washington did not immediately respond to a Reuters request for comment. However, Beijing regularly denies carrying out state-sponsored cyberattacks, and China, in turn, regularly accuses the United States of cyber espionage.

Guam is home to U.S. military installations that would be critical to responding to any conflict in the Asia-Pacific region.

The Canadian cybersecurity agency said separately that it had not yet had any reports of Canadian victims of the hack.

"However, Western economies are deeply interconnected," the agency added. "Much of our infrastructure is tightly integrated and an attack on one can impact the other."

The UK has also warned that the techniques used by Chinese hackers on US networks could be applied around the world.

Reuters and Agence France-Presse contributed to this report.

