Chinese hackers are spying on US critical infrastructure, Microsoft and Western intelligence agencies say
A state-sponsored Chinese hacking group is spying on a wide range of U.S. critical infrastructure organizations, from telecommunications to transportation hubs, Western intelligence agencies and Microsoft said Wednesday.
Spying has also targeted the US island territory of Guam, home to strategically important US military bases, Microsoft said in a report, adding that “mitigating this attack could be difficult.”
While China and the United States regularly spy on each other, analysts say this is one of the biggest known Chinese cyber espionage campaigns against US critical infrastructure.
Chinese Foreign Ministry spokesman Mao Ning said Thursday that the hacking allegations were a “collective disinformation campaign” by the Five Eyes countries, a reference to the intelligence-sharing group made up of the United States, Canada, New Zealand, Australia and the UK.
Mao said the campaign was launched by the United States for geopolitical reasons and that Microsoft analysts’ report showed the US government was extending its disinformation channels beyond government agencies.
“But regardless of the varied methods used, none of this can change the fact that the US is the hacking empire,” she told a regular press briefing in Beijing.
The number of organizations affected was not immediately clear, but the US National Security Agency (NSA) said it was working with partners including Canada, New Zealand, Australia and the United Kingdom, as well as with the US Federal Bureau of Investigation, to identify breaches. Canada, the UK, Australia and New Zealand have warned they could also be targeted by hackers.
Microsoft analysts said they have “moderate confidence” that this Chinese group, which Microsoft dubbed “Volt Typhoon”, was developing capabilities that could disrupt critical communications infrastructure between the United States and the Asia region in future crises.
“It means they’re preparing for that possibility,” said John Hultquist, who leads threat analysis at Google’s Mandiant Intelligence.
The Chinese activity is unique and worrying also because analysts do not yet have enough visibility on what this group could be capable of, he added.
“There is greater interest in this actor due to the geopolitical situation.”
As China has stepped up military and diplomatic pressure in its claim to democratically governed Taiwan, US President Joe Biden has said he would be prepared to use force to defend Taiwan.
Security analysts expect Chinese hackers could target US military networks and other critical infrastructure if China invades Taiwan.
The NSA and other Western cyber agencies have urged companies that operate critical infrastructure to identify malicious activity using technical guidance they have published.
“It is vital that operators of critical national infrastructure take action to prevent attackers from hiding on their systems,” said Paul Chichester, director of the UK’s National Cyber Security Centre, in a joint statement with the NSA.
Microsoft said the Chinese hacking group has been active since at least 2021 and targets multiple industries, including communications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education.
NSA Cybersecurity Director Rob Joyce said the Chinese campaign was using “built-in network tools to evade our defenses and leave no trace behind.” Such techniques are harder to detect because they use “capabilities already built into critical infrastructure environments,” he added.
Instead of using traditional hacking techniques, which often involve tricking a victim into downloading malicious files, Microsoft said this group infects a victim’s existing systems to find information and extract data.
Guam is home to U.S. military installations that would be critical to responding to any conflict in the Asia-Pacific region. It is also a major communication center linking Asia and Australia to the United States through several submarine cables.
Bart Hogeveen, a senior analyst at the Australian Strategic Policy Institute who specializes in state-sponsored cyberattacks in the region, said the undersea cables made Guam “a logical target for the Chinese government” to seek intelligence.
“There is great vulnerability when the cables land on the shore,” he said.
New Zealand said it would work to identify any such malicious cyber activity in its country.
“It is important to our country’s national security that we are transparent and candid with Australians about the threats we face,” said Australian Home Affairs and Cybersecurity Minister Clare O’Neil.
Canada’s cybersecurity agency said it does not yet have any reports of Canadian victims of this hack. “However, Western economies are deeply interconnected,” it added. “Much of our infrastructure is tightly integrated and an attack on one can impact the other.”