Microsoft: State-sponsored Chinese hackers could be laying groundwork for disruption

State-backed Chinese hackers have been targeting U.S. critical infrastructure, including the energy sector, Microsoft says.


Microsoft reported Wednesday that state-sponsored Chinese hackers are targeting U.S. critical systems and may be laying the groundwork to disrupt critical communications between America and Asia in future crises.

The company stated that the targets included sites on Guam where the U.S. maintains a large military presence.

Hostile activity in cyberspace, from espionage and pre-positioned malware to potential future attacks, is now a hallmark of modern geopolitical rivalry.

Microsoft said in a blog post that the group, which it calls Volt Typhoon, is state-sponsored and has been active in the United States since mid-2021. The hacking, which aims to gain persistent access, has affected organizations in the communications, manufacturing, utility, transportation, maritime, education and information technology sectors.

Separately, the National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency and their counterparts in Australia, New Zealand, Canada and Britain published a joint advisory sharing technical details about "the newly discovered cluster of activities".

A Microsoft spokesman declined to say why the company made the announcement now, or whether it had seen an increase in recent months in the targeting of critical infrastructure on Guam or of the U.S. military installations there, which include a major base.

John Hultquist, chief analyst at Google's Mandiant cybersecurity intelligence unit, called Microsoft's announcement "potentially an important finding."

"We don't often see this kind of investigation from China. It is rare," Hultquist said. "We know a great deal about the cyber-capabilities of Russia, North Korea and Iran because they do this regularly. China has generally withheld use of the kinds of tools that could be used to seed not just intelligence-gathering but disruptive attacks," he added.

Microsoft said the intrusion campaign was "strongly focused on stealth" and aimed to blend in with normal network activity by compromising small-office and home-office network equipment, including routers, and routing its traffic through those devices.

"China has been conducting aggressive cyber operations for years to steal sensitive data and intellectual property from organizations all over the world," said CISA Director Jen Easterly, who urged operators of affected networks to apply mitigations to avoid possible disruption. Bryan Vorndran, assistant director of the FBI's cyber division, called the intrusions "unacceptable tactics" in the same press release.

In recent months, tensions between Washington and Beijing, which the U.S. national security establishment views as its main strategic, military and economic rival, have risen.

Tensions flared last year after then-House Speaker Nancy Pelosi visited Taiwan, a democratically governed island. China, which claims Taiwan as its territory, launched military exercises in the area.

Relations were further strained in the first half of this year when the U.S. shot down a Chinese spy balloon that had crossed the United States.