Date: 2023-05-25

Microsoft security researchers have uncovered a Chinese state-sponsored hacking campaign targeting critical infrastructure in Guam and other unspecified locations within the United States, according to the tech giant’s warning on Wednesday. The hacking operation, code-named “Volt Typhoon,” has been active since mid-2021 and “could disrupt critical communications infrastructure between the United States and Asia region during future crises.”

Microsoft has not detected any offensive attacks, but noted that Chinese intelligence and military hackers prioritize espionage and gathering of information over destruction.

U.S. federal law enforcement and intelligence agencies, including the FBI, NSA, and Cybersecurity and Infrastructure Security Agency (CISA), released a bulletin on Wednesday outlining Volt Typhoon’s ongoing operational playbook, as well as a roadmap of code that enables possible victims to detect the intruder.

According to the bulletin, authorities “recently discovered” this cluster of activity. “Private sector partners have identified that this activity affects networks across U.S. critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide,” the brief continued.

China has denied the latest hacking allegations and called it a disinformation campaign by the “Five Eyes” nations that share intelligence, as per Reuters. Those nations are the U.S., Canada, New Zealand, Australia, and the UK. Chinese Foreign Ministry spokesperson Mao Ning stated in a regular press briefing that “relevant reports from western agencies have no proof.”

U.S. intelligence agencies first detected the malware in February, at approximately the same time that the U.S. downed a Chinese spy balloon, as per the New York Times. The activity by the Chinese state-sponsored hacking group alarmed U.S. officials because of its proximity to Andersen Air Force Base. The naval port in Guam would play a critical role in launching any U.S. military response in the event of an invasion of Taiwan.

“Attacks against our critical infrastructure in the event of a Chinese invasion of Taiwan is unfortunately not farfetched,” CISA Director Jen Easterly warned in February.

Microsoft revealed that once Volt Typhoon gains access to a network, it steals user credentials and uses them to gain access to other computer systems. “Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible,” Microsoft security researchers noted in Wednesday’s blog. Affected organizations spanned nearly every critical infrastructure sector, including the “communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors,” as per Microsoft.

Microsoft urged impacted customers to “close or change credentials for all compromised accounts.” China has consistently denied hacking into American networks, even after U.S. investigators accused the People’s Republic of China of stealing the personal information of millions of current and former federal workers during the Obama administration. The Biden White House has established cybersecurity standards for critical infrastructure after elevating ransomware attacks, such as the 2021 Russia-linked attack on Colonial Pipeline, to an issue of national security.

