May 25 — On Wednesday, Microsoft announced that Chinese state-sponsored hackers had compromised critical U.S. cyber infrastructure across a variety of industries.
A Chinese hacking group, dubbed “Volt Typhoon,” has been in operation since mid-2021, and aims to disrupt “critical communications infrastructure between the United States and Asia,” says Microsoft. The state-sponsored hackers appear interested in compromising communication efforts during “future crises.”
The National Security Agency (NSA) in the United States has released a bulletin detailing how the hack works and how cyber security teams should respond. The threat and the attack remain ongoing. Microsoft urged affected customers to create new credentials for compromised accounts.
U.S. intelligence agencies became aware of the issue in February, roughly around the same time that the high-altitude Chinese surveillance balloon was shot down over the Atlantic.
In a Thursday briefing in Beijing, a spokesperson for China’s Ministry of Foreign Affairs disregarded the U.S. reports of infrastructure hacks. The spokesperson claimed that the U.S. is the champion of hacking, among other things.
The state-sponsored hacks focused on Guam and other parts of the U.S., according to the New York Times. In terms of cutting off communications, Guam may have been targeted due to its strategic location: it is where an American military response would begin in the event of an invasion of Taiwan.
The cyber threat
Volt Typhoon can infiltrate organizations via an unnamed vulnerability in a popular cyber security suite. After the cyber criminals gain access to networked systems, they can steal user credentials and leverage them to try to escalate privileges.
According to Microsoft, the state-sponsored threat actors aren’t interested in creating disruption. Rather, they’re determined to carry out espionage activities in an advanced, persistent way. They aim to remain undetected within systems for as long as possible.
Infrastructure within nearly every critical sector has been affected, from communications to transport to government to maritime industries.