Western intelligence agencies and Microsoft (MSFT.O) reported Wednesday that a state-sponsored Chinese hacking gang has been eavesdropping on various U.S. critical infrastructure firms, from telecommunications to transportation hubs.
Microsoft reported that “mitigating this attack could be challenging” because the espionage targeted Guam, home to vital American military bases.
Analysts claim this is one of the largest Chinese cyber-espionage attacks against American critical infrastructure.
Reuters received no response from the Chinese embassy in Washington.
The U.S. National Security Agency (NSA) stated it was working with Canada, New Zealand, Australia, the U.K., and the FBI to identify breaches. However, it was unclear how many firms were affected. Canada, the UK, Australia, and New Zealand warned that the hackers could target them as well.
Microsoft analysts expressed “moderate confidence” that ‘Volt Typhoon,’ a Chinese outfit, was building capabilities to disrupt crucial communications infrastructure between the U.S. and Asia during future crises.
“It means they are preparing for that possibility,” said John Hultquist, Google’s Mandiant Intelligence security analyst.
He noted that researchers don’t yet know what the Chinese outfit is capable of, making their activity unique and concerning.
“Geopolitics makes this actor more interesting.”
U.S. President Joe Biden has stated he would defend Taiwan with force as China has increased military and diplomatic pressure.
Analysts expect Chinese hackers to target U.S. military networks and other key infrastructure if China invades Taiwan.
The NSA and other Western cyber agencies advised critical infrastructure operators to use technical guidance to identify hostile activities.
“It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems,” said U.K. National Cyber Security Centre director Paul Chichester in a joint statement with the NSA.
Microsoft said the Chinese hacking outfit had targeted the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors since 2021.
The Chinese effort used “built-in network tools to evade our defenses and leave no trace,” according to NSA cybersecurity director Rob Joyce. Since they employ “capabilities already built into critical infrastructure environments,” such tactics are tougher to detect.
Microsoft stated that, instead of fooling victims into downloading dangerous files, this organization exploits victims’ PCs to steal data.
U.S. military facilities in Guam would help resolve Asia-Pacific conflicts. In addition, multiple submarine cables link Asia, Australia, and the U.S. through Guam.
The submarine cables make Guam “a logical target for the Chinese government” to gather intelligence, according to Bart Hoggeveen, a senior analyst at the Australian Strategic Policy Institute specializing in state-sponsored cyber operations.
“Cables onshore are vulnerable,” he warned. New Zealand pledged to identify such cybercrime.
“It’s important for the national security of our country that we’re transparent and upfront with Australians about the threats that we face,” said Australia’s Minister for Home Affairs and Cyber Security, Clare O’Neil.
Canada’s cybersecurity agency reported no Canadian victims of the hacking. “However, Western economies are deeply interconnected,” it continued. “Much of our infrastructure is closely integrated and an attack on one can impact the other.”