According to Wednesday reports from Western intelligence agencies and Microsoft, a state-sponsored Chinese hacking group has been spying on various US critical infrastructure organisations, notably telecommunications and transportation facilities.
Overview
Microsoft has warned that Volt Typhoon, a state-sponsored Chinese cyberespionage group, has targeted critical infrastructure organisations in the US since at least mid-2021, in sectors including communications, manufacturing, utility, transport, construction, maritime, government, information technology, and education.
Analysts claim this is one of the most extensive Chinese cyber-espionage campaigns against American critical infrastructure.
The American company stated in a blog post that it “has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organisations in the United States.” The observed behaviour further indicates that the “threat actor intends to perform espionage and maintain access without being detected for as long as possible.”
Rather than using classic hacking methods, such as tricking a victim into downloading harmful files, Microsoft says this group infects a target’s existing systems to gather information and extract data.
Analysts have reportedly determined with “moderate confidence” that this Chinese programme was developing capabilities that could potentially disrupt crucial communications networks between the US and Asia during future crises.
John Hultquist, who heads threat analysis at Google’s Mandiant Intelligence, stated, “It means they are preparing for that possibility.” He added that the Chinese activity is unique and troubling because analysts do not yet have sufficient visibility into the group’s potential capabilities.
Microsoft stated that the espionage has also targeted the US island territory of Guam, home to strategically significant American military locations, and added that “mitigating this attack could be challenging.”
Guam is home to a US military facility that would be critical in the case of an Asia-Pacific conflict. It is also an integrated communications centre, with numerous undersea cables linking Asia and Australia to the US.
Western Allies Evaluate Potential Threat
The US National Security Agency (NSA) stated that it collaborated with partners from Canada, New Zealand, Australia, the UK, and the FBI to identify breaches. Canada, the UK, Australia and New Zealand cautioned that the hackers could also target them.
NSA Cybersecurity Director Rob Joyce said, “A PRC (People’s Republic of China) state-sponsored actor is living off the land, using built-in network tools to evade our defences and leaving no trace behind.” He added that “living off the land” spy tactics are more difficult to detect as they rely on “capabilities already built into critical infrastructure environments.”
The Canadian cybersecurity agency stated that there have been no instances of Canadians being hacked yet. However, “Western economies are deeply interconnected,” it warned, adding, “Much of our infrastructure is closely integrated and an attack on one can impact the other.”
@PeterDutton_MP China government spying on Australia
Shadow Home Affairs and Cyber Security Minister James Paterson says if this activity is happening in the US, then it’s “almost certainly occurring in Australia”. https://t.co/fLhgG1mG7o
— LonePine (@NWGLP) May 24, 2023
Similarly, the UK raised the concern that the methods Chinese hackers used on US networks could be used anywhere. In a joint statement with the NSA, Paul Chichester, director of the UK’s National Cyber Security Centre, said, “It is critical that operators of critical national infrastructure take action to prevent attackers hiding on their systems.”
New Zealand said it would try to identify any hostile cyber activities in its country.
Australian Minister for Home Affairs and Cyber Security Clare O’Neil stated, “It’s important for the national security of our country that we’re transparent and upfront with Australians about the threats that we face.”
Repeated Allegations of China Spying on the US
Last March, the US charged five people with spying on, stalking, and harassing Chinese dissidents on behalf of China’s secret police. The five individuals were arrested by the Justice Department (DOJ) for engaging in “transnational repression schemes to target US residents whose political views and actions are disfavored by the Chinese Communist Party (CPC).”
Last May, the DOJ disclosed that one American citizen and four Chinese intelligence agents had been charged with spying on Chinese dissidents, human rights advocates, and pro-democracy activists in the US.
The United States China Commission (USCC) issued a report on China’s increasing involvement in the agricultural sector in the US. According to the document, food security issues and related vulnerabilities have prompted China to increase its investments in the US.