Chinese hackers have accessed important US infrastructure

Chinese state-sponsored hackers have compromised critical cyber infrastructure in a variety of industries, including government and communications organizations, Microsoft revealed Wednesday.

The group is code-named “Volt Typhoon” and has operated since 2021. The organization is working to disrupt “critical communications infrastructure between the United States and Asia”, Microsoft states, to stymie efforts during “future crises”.

In response, the National Security Agency put out a bulletin on Wednesday, detailing how the hack works and how cybersecurity teams should respond to this ongoing attack.

U.S. intelligence agencies became aware of the incursion in February, around the same time that a Chinese spy balloon was downed, the New York Times reported.

The infiltration was focused on communications infrastructure in Guam and other parts of the U.S., the Times reported, and was particularly alarming to U.S. intelligence because Guam sits at the heart of an American military response in case of a Taiwanese invasion.

Volt Typhoon has been able to infiltrate organizations using an unnamed vulnerability in a popular cybersecurity suite called FortiGuard. Once the hacking group has gained access to a corporate system, it steals user credentials from the security suite and uses them to try to gain access to other corporate systems.

The state-sponsored hackers aren’t looking to create disruption yet, Microsoft said. Rather, “the threat actor intends to perform espionage and maintain access without being detected for as long as possible”.

Infrastructure in nearly every critical sector has been impacted, Microsoft said, including the communications, transport, and maritime industries. Government organizations were also targeted.

Chinese government-backed hackers have targeted critical and sensitive information from U.S. companies before. Covington and Burling, a prominent law firm, was hacked by suspected Chinese state-sponsored hackers in 2020.

In a joint statement with international and domestic intelligence services, the Cybersecurity and Infrastructure Security Agency warned that Chinese attacks pose a continued risk to American intellectual property.

What does China want?
