State-sponsored Chinese hackers have infiltrated critical US infrastructure networks, the US, its Western allies and Microsoft said on Wednesday, adding that similar espionage attacks could be occurring globally.
Microsoft highlighted Guam, a US territory in the Pacific Ocean with a vital military outpost, as one of the targets, but said “malicious” activity had also been detected elsewhere in the US.
The stealthy attack — carried out by a China-sponsored actor dubbed “Volt Typhoon” since mid-2021 — enabled long-term espionage and was likely aimed at hampering the US if there was conflict in the region, it said.
“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the statement said.
“In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education sectors,” it said.
Microsoft’s statement coincided with an advisory released by US, Australian, Canadian, New Zealand and British authorities.
They said a “state-sponsored cyber actor” from China was behind Volt Typhoon, and that the hacking was likely occurring globally.
“This activity affects networks across US critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide,” the advisory said.
The US and its allies said the activities involved “living off the land” tactics, which take advantage of built-in network tools to blend in with normal Windows systems.
The advisory warned that the hacking could incorporate legitimate system administration commands that appear “benign.”
Volt Typhoon tried to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls and virtual private network hardware, Microsoft said.
“They have also been observed using custom versions of open-source tools,” Microsoft said.
Microsoft and the security agencies released guidelines for organizations to detect and counter the hacking.
“It’s what I would term a low and slow cyberactivity,” said Alastair McGibbon, chief strategy officer at Australia’s CyberCX and a former head of the Australian Cyber Security Centre.
“When you think about something that can really cause catastrophic harm, it is someone with intent who takes time to get into systems,” he said.
Once inside, the cyberattackers can steal information, he said.
While China and Russia have long targeted critical infrastructure, Volt Typhoon offered new insights into Chinese hacking, said John Hultquist, chief analyst at US cybersecurity company Mandiant.
“Chinese cyberthreat actors are unique among their peers in that they have not regularly resorted to destructive and disruptive cyberattacks,” he said.
“As a result, their capability is quite opaque. This disclosure is a rare opportunity to investigate and prepare for this threat,” he said.