State-sponsored Chinese hackers have infiltrated critical US infrastructure networks, the US, its Western allies and Microsoft said on Wednesday, adding that similar espionage attacks could be occurring globally.
Microsoft highlighted Guam, a US territory in the Pacific Ocean with a vital military outpost, as one of the targets, but said “malicious” activity had also been detected elsewhere in the US.
The stealthy attack — carried out by a China-sponsored actor dubbed “Volt Typhoon” since mid-2021 — enabled long-term espionage and was likely aimed at hampering the US if there was conflict in the region, it said.
“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the statement said.
“In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education sectors,” it said.
Microsoft’s statement coincided with an advisory released by US, Australian, Canadian, New Zealand and British authorities.
They said a “state-sponsored cyber actor” from China was behind Volt Typhoon, and that the hacking was likely occurring globally.
“This activity affects networks across US critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide,” the advisory said.
The US and its allies said the activities involved “living off the land” tactics, which take advantage of built-in network tools to blend in with normal Windows systems.
The advisory warned that the hacking could incorporate legitimate system administration commands that appear “benign.”
Volt Typhoon tried to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls and virtual private network hardware, Microsoft said.
“They have also been observed using custom versions of open-source tools,” Microsoft said.
Microsoft and the security agencies released guidelines for organizations to detect and counter the hacking.
“It’s what I would term a low and slow cyberactivity,” said Alastair McGibbon, chief strategy officer at Australia’s CyberCX and a former head of the Australian Cyber Security Centre.
“When you think about something that can really cause catastrophic harm, it is someone with intent who takes time to get into systems,” he said.
Once inside, the cyberattackers can steal information, he said.
While China and Russia have long targeted critical infrastructure, Volt Typhoon offered new insights into Chinese hacking, said John Hultquist, chief analyst at US cybersecurity company Mandiant.
“Chinese cyberthreat actors are unique among their peers in that they have not regularly resorted to destructive and disruptive cyberattacks,” he said.
“As a result, their capability is quite opaque. This disclosure is a rare opportunity to investigate and prepare for this threat,” he said.