China-Sponsored Hackers Targeting Critical US Sectors, Microsoft & Western Intelligence Agencies Say

The NSA and other Western cyber agencies are urging companies operating critical infrastructure to take action by identifying any malicious activity using the technical guidance provided.

According to reports from Western intelligence agencies and Microsoft, a state-sponsored Chinese hacking group has been engaged in extensive espionage targeting critical infrastructure organisations in the United States. Sectors such as telecommunications, transportation hubs, and even the US territory of Guam, which houses strategically significant American military bases, have been affected. Microsoft warned that mitigating this attack would pose a challenge due to its scope. While mutual spying between China and the United States is not uncommon, analysts note that this is one of the largest cyber-espionage campaigns by China against American critical infrastructure to date. The Chinese embassy in Washington has yet to respond to requests for comment regarding these allegations.

The extent of the impact on organisations remains uncertain, but the US National Security Agency (NSA) is collaborating with partners from Canada, New Zealand, Australia, and the UK, as well as the US Federal Bureau of Investigation, to identify breaches. Canada, the UK, Australia, and New Zealand have also raised concerns about potential targeting by the hackers.

Microsoft's analysts, who have labelled the Chinese group as 'Volt Typhoon', have expressed "moderate confidence" that the hackers are developing capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises. This suggests they are preparing for such scenarios, according to John Hultquist, head of threat analysis at Google's Mandiant Intelligence.

The unique and worrisome aspect of this Chinese activity lies in the lack of visibility into the group's true capabilities, making it a subject of greater interest for analysts. The geopolitical situation, particularly China's increased military and diplomatic pressure concerning Taiwan, further heightens concerns. Should China invade Taiwan, security analysts anticipate that Chinese hackers might target U.S. military networks and other critical infrastructure.

The NSA and other Western cyber agencies are urging companies operating critical infrastructure to take action by identifying any malicious activity using the technical guidance provided. It is crucial to prevent attackers from remaining undetected on systems, emphasised Paul Chichester, director at the UK's National Cyber Security Centre, in a joint statement with the NSA.

Microsoft revealed that the Chinese hacking group has been active since at least 2021 and has targeted various industries, including communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education. The Chinese campaign reportedly employs built-in network tools that evade defences and leave no trace behind, making detection more challenging.

Unlike traditional hacking methods that rely on tricking victims into downloading malicious files, this group infects existing systems to gather information and extract data. Guam, with its US military facilities crucial for Asia-Pacific conflict response and its role as a communications hub connecting Asia, Australia, and the United States through submarine cables, presents an attractive target for Chinese intelligence gathering.

Experts stress the vulnerability associated with cables landing on the shores of Guam. Bart Hogeveen, a senior analyst specialising in state-sponsored cyber attacks at the Australian Strategic Policy Institute, asserts that these cables make Guam a logical target for the Chinese government.

New Zealand has committed to identifying any malicious cyber activity within its borders, emphasising the importance of transparency in addressing national security threats. Australia's Minister for Home Affairs and Cyber Security, Clare O'Neil, acknowledges the interconnectedness of Western economies and the potential impact of an attack on one country's infrastructure on others. The Canadian cybersecurity agency has not reported any Canadian victims of this hacking thus far but highlights the interdependence of Western economies, indicating that an attack on one country can affect others.
