US critical infrastructure hacked, US blames Chinese-backed group
Microsoft alleged on Wednesday that a Chinese state-sponsored hacking gang acquired access to critical infrastructure organizations in Guam and other parts of the United States.
The US and its cybersecurity allies are blaming a Chinese government-backed hacking outfit for eavesdropping on important US infrastructure companies, including one on the island territory of Guam, which houses strategic military sites.
Separate reports on Wednesday from Microsoft and Western intelligence agencies stated that hackers were able to introduce computer programs that blended into Microsoft Windows computers and elude detection while keeping access and gathering information.
Microsoft claimed in a separate statement that the intrusion was carried out by a state-sponsored Chinese hacking outfit known as "Volt Typhoon."
According to the report, the gang targeted organizations ranging from telecommunications companies to transportation hubs, along with Western intelligence agencies and Microsoft itself, and the US island territory of Guam.
Home to US military facilities, Guam is a major communications hub connecting Asia and Australia to the United States by multiple submarine cables.
“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the tech company said. It further added that “observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.”
Microsoft experts expressed "moderate confidence" that this group was developing skills capable of disrupting crucial communications infrastructure between the United States and Asia in the event of a future crisis. "It means they are preparing for that possibility," John Hultquist, who heads threat analysis at Google's Mandiant Intelligence noted.
The Chinese action is unique because experts do not yet have a clear picture of what this group is capable of, according to Hultquist. "There is greater interest in this actor because of the geopolitical situation," he noted.
Security specialists have warned that if China makes a move on Chinese Taipei (Taiwan), hackers may target US military networks and other key infrastructure. It was unclear how many organizations were affected or what information had been obtained.
The cyberattack strategy is known as "living off the land," and it involves hackers exploiting "built-in network tools to evade our defenses while leaving no trace behind," according to Rob Joyce, NSA cybersecurity director.
Canada, the UK, Australia, and New Zealand warned they could be targeted by the hackers too.
However, Canada's cybersecurity agency indicated separately that no Canadian victims of the incident had been identified yet. "However, Western economies are deeply interconnected," according to the research. Similarly, the United Kingdom warned that the techniques used by Chinese hackers on US networks may be used globally. The Chinese government has yet to respond to the allegations.
Meanwhile, China has already branded the US as the “biggest threat to global cybersecurity,” saying that Washington “knowingly abuses technology” for spying and a range of other purposes.
The United States is seeking to preserve “hegemony in cyberspace” under the false pretext of “national security,” Chinese Foreign Ministry spokesperson Mao Ning told reporters back in April, urging the US to “stop its global hacking operations.”
The rivalry between the US and China has intensified in recent years, with Beijing’s growing international clout and rapid economic progress emerging as a viable counterweight to the US, which has recently been increasing its militarization around China, making Beijing feel threatened.