REUTERS

A state-sponsored Chinese hacking group has been spying on a wide range of U.S. critical infrastructure organizations, from telecommunications to transportation hubs, Western intelligence agencies and Microsoft said on Wednesday.

The espionage has also targeted the US island territory of Guam, home to strategically important American military bases, Microsoft said in a report, adding that “mitigating this attack could be challenging.”

While China and the United States routinely spy on each other, analysts say this is one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure.

The Chinese embassy in Washington did not immediately respond to a Reuters request for comment.

It was not immediately clear how many organizations were affected, but the US National Security Agency (NSA) said it was working with partners including Canada, New Zealand, Australia, and the UK, as well as the US Federal Bureau of Investigation to identify breaches. Canada, UK, Australia and New Zealand warned they could be targeted by the hackers too.

Microsoft analysts said they had “moderate confidence” this Chinese group, which it dubbed as ‘Volt Typhoon’, was developing capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.

“It means they are preparing for that possibility,” said John Hultquist, who heads threat analysis at Google’s Mandiant Intelligence.

The Chinese activity is unique and worrying also because analysts don’t yet have enough visibility on what this group might be capable of, he added.

“There is greater interest in this actor because of the geopolitical situation.”

As China has  military and diplomatic pressure in its claim to democratically governed Taiwan, US President Joe Biden has said he would be willing to use force to defend Taiwan.

Security analysts expect Chinese hackers could target US military networks and other critical infrastructure if China invades Taiwan.

The NSA and other Western cyber agencies urged companies that operate critical infrastructure to identify malicious activity using the technical guidance they issued.

“It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems,” Paul Chichester, director at the UK’s National Cyber Security Centre said in a joint statement with the NSA.

Microsoft said the Chinese hacking group has been active since at least 2021 and has targeted several industries including communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education.

NSA cybersecurity director Rob Joyce said the Chinese campaign was using “built-in network tools to evade our defenses and leaving no trace behind.” Such techniques are harder to detect as they use “capabilities already built into critical infrastructure environments,” he added.

As opposed to using traditional hacking techniques, which often involve tricking a victim into downloading malicious files, Microsoft said this group infects a victim’s existing systems to find information and extract data.

Guam is home to U.S. military facilities that would be key to responding to any conflict in the Asia-Pacific region. It is also a major communications hub connecting Asia and Australia to the United States by multiple submarine cables.

Bart Hoggeveen, a senior analyst at the Australian Strategic Policy Institute who specializes in state-sponsored cyber attacks in the region, said the submarine cables made Guam “a logical target for the Chinese government” to seek intelligence.

“There is high vulnerability when cables land on shore,” he said.

New Zealand said it would work towards identifying any such malicious cyber activity in its country.

“It’s important for the national security of our country that we’re transparent and upfront with Australians about the threats that we face,” Australia’s Minister for Home Affairs and Cyber Security Clare O’Neil said.

Canada’s cybersecurity agency said it had no reports of Canadian victims of this hacking as yet. “However, Western economies are deeply interconnected,” it added. “Much of our infrastructure is closely integrated and an attack on one can impact the other.” – Reuters