State-sponsored Chinese hackers have infiltrated critical US infrastructure networks, the US, its Western allies and Microsoft said on Wednesday, adding that similar espionage attacks could be occurring globally.
Microsoft highlighted Guam, a US territory in the Pacific Ocean with a vital military outpost, as one of the targets, but said “malicious” activity had also been detected elsewhere in the US.
The stealthy attack, carried out since mid-2021 by a China-sponsored actor dubbed “Volt Typhoon,” enabled long-term espionage and was likely aimed at hampering the US if there was conflict in the region, Microsoft said.
“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the statement said.
“In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education sectors,” it said.
Microsoft’s statement coincided with an advisory released by US, Australian, Canadian, New Zealand and British authorities.
They said a “state-sponsored cyber actor” from China was behind Volt Typhoon, and that the hacking was likely occurring globally.
“This activity affects networks across US critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide,” the advisory said.
The US and its allies said the activities involved “living off the land” tactics, which take advantage of built-in network tools to blend in with normal Windows systems.
The advisory warned that the hacking could incorporate legitimate system administration commands that appear “benign.”
Volt Typhoon tried to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls and virtual private network hardware, Microsoft said.
“They have also been observed using custom versions of open-source tools,” Microsoft said.
Microsoft and the security agencies released guidelines for organizations to detect and counter the hacking.
“It’s what I would term a low and slow cyberactivity,” said Alastair McGibbon, chief strategy officer at Australia’s CyberCX and a former head of the Australian Cyber Security Centre.
“When you think about something that can really cause catastrophic harm, it is someone with intent who takes time to get into systems,” he said.
Once inside, the cyberattackers can steal information, he said.
While China and Russia have long targeted critical infrastructure, Volt Typhoon offered new insights into Chinese hacking, said John Hultquist, chief analyst at US cybersecurity company Mandiant.
“Chinese cyberthreat actors are unique among their peers in that they have not regularly resorted to destructive and disruptive cyberattacks,” he said.
“As a result, their capability is quite opaque. This disclosure is a rare opportunity to investigate and prepare for this threat,” he said.