China-backed hackers spying on US critical infrastructure, says Five Eyes

The front entrance sign for Anderson Air Force Base in Yigo, Guam Photograph: Tassanee Vejpongsa/AP


Guardian staff and agencies
First published 2023 May 24

Targets include US military facilities on Guam that would be key in an Asia-Pacific conflict, say Microsoft and western spy agencies

A state-sponsored Chinese hacking group has been spying on a wide range of US critical infrastructure organizations and similar activities could be occurring globally, western intelligence agencies and Microsoft have warned.

“The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon,” said a statement released by authorities in the US, Australia, Canada, New Zealand and the UK – countries that make up the Five Eyes intelligence network.

In a separate statement, Microsoft said Volt Typhoon had been active since mid-2021 and had targeted critical infrastructure in Guam, a crucial US military outpost in the Pacific Ocean. “Mitigating this attack could be challenging,” Microsoft said.


While Chinese hackers are known to spy on western countries, this is one of the largest known cyber-espionage campaigns against American critical infrastructure.

“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the tech company said.

“In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

“Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.”

The US and western security agencies warned in their advisory that the activities involved “living off the land” tactics, which take advantage of built-in network tools so that the intrusion blends in with normal Windows system activity.

It warned that the hacking could then incorporate legitimate system administration commands that appear “benign”.
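Because each living-off-the-land command looks benign on its own, detection has to rest on context rather than on the command itself. The following Python sketch is an added example, not code from the advisory or this article: it learns from constructed baseline events which hosts and users normally run a set of built-in Windows tools (an assumed watch list) and flags first-seen host/tool and user/tool combinations in new events.

```python
# Baseline-deviation check for living-off-the-land activity: built-in admin
# commands look benign one at a time, so learn who normally runs each watched
# tool on each host and flag first-seen combinations. All events constructed.
from collections import defaultdict

# Built-in Windows tools worth watching for LOTL misuse (assumed list).
WATCHED_TOOLS = {"netsh", "net", "nltest", "wmic", "ntdsutil", "powershell"}

# Constructed baseline events (host, user, command_line) from a normal week.
BASELINE = [
    ("ws-ops-01", "ops.admin", "netsh interface show interface"),
    ("ws-ops-01", "ops.admin", r"net view \\fileserver"),
    ("dc-01", "svc.backup", r"C:\Windows\System32\ntdsutil.exe snapshot list"),
]

# Constructed new events to score against that baseline.
NEW_EVENTS = [
    ("ws-ops-01", "ops.admin", "netsh interface show interface"),  # routine
    ("ws-hr-07", "j.smith", "netsh advfirewall show allprofiles"),  # tool new on host
    ("dc-01", "temp.contractor", "ntdsutil snapshot list"),  # user new for tool
    ("ws-hr-07", "j.smith", "notepad.exe report.txt"),  # not a watched tool
]

def tool_name(command_line):
    """Return the lower-cased executable name without path or .exe suffix."""
    first = command_line.split()[0]
    base = first.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return base[:-4] if base.endswith(".exe") else base

def build_profile(events):
    """Map (host, tool) -> set of users seen running it in the baseline."""
    profile = defaultdict(set)
    for host, user, cmd in events:
        tool = tool_name(cmd)
        if tool in WATCHED_TOOLS:
            profile[(host, tool)].add(user)
    return profile

def score_events(events, profile):
    """Return (host, user, tool, reason) for watched-tool use off-baseline."""
    alerts = []
    for host, user, cmd in events:
        tool = tool_name(cmd)
        if tool not in WATCHED_TOOLS:
            continue
        seen_users = profile.get((host, tool))
        if seen_users is None:
            alerts.append((host, user, tool, "tool never seen on this host"))
        elif user not in seen_users:
            alerts.append((host, user, tool, "user never ran this tool here"))
    return alerts
```

Calling `score_events(NEW_EVENTS, build_profile(BASELINE))` returns the two deviating events only; in practice the baseline window must be long enough to capture legitimate but infrequent administration, or routine work becomes noise.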

The Chinese embassy in Washington did not immediately respond to a Reuters request for comment. However, Beijing routinely denies carrying out state-sponsored cyber-attacks, and China in turn regularly accuses the US of cyber espionage.

Guam is home to US military facilities that would be key to responding to any conflict in the Asia-Pacific region.

Canada’s cybersecurity agency separately said it had had no reports of Canadian victims of the hacking as yet.

“However, western economies are deeply interconnected,” it added. “Much of our infrastructure is closely integrated and an attack on one can impact the other.”

The UK similarly warned the techniques used by the Chinese hackers on US networks could be applied worldwide.

Reuters and Agence France-Presse contributed to this report
