Microsoft has issued a warning regarding the activities of a state-sponsored Chinese cyberespionage group named Volt Typhoon, which has been targeting critical infrastructure organizations in the United States since at least mid-2021.

In a blog post, Microsoft stated that it had uncovered targeted malicious activity aimed at post-compromise credential access and network system discovery in US critical infrastructure organizations. The group, which Microsoft tracks as Volt Typhoon, has been spying on a range of critical organizations, including those in the telecommunications and transportation sectors, as well as Western intelligence agencies.

Microsoft’s report also revealed that the cyberespionage campaign targeted the US island territory of Guam, which hosts strategically important American military bases crucial for responding to potential conflicts in the Asia-Pacific region.

According to Microsoft, the observed behavior of the threat actor indicates an intent to perform espionage and maintain undetected access for as long as possible, making mitigation challenging.

The US National Security Agency (NSA) is collaborating with partners such as Canada, New Zealand, Australia, the UK, and the US Federal Bureau of Investigation to identify breaches associated with these attacks.

The exact number of affected organizations remains unclear at present.

While it is well known that Chinese hackers conduct espionage against Western countries, this cyberespionage campaign against American critical infrastructure stands out as one of the largest.

Rob Joyce, NSA Cybersecurity Director, stated that the state-sponsored Chinese actor is employing “living off the land” techniques, utilizing built-in network tools to evade detection and leaving no trace behind. Such techniques are harder to detect as they leverage capabilities already present in critical infrastructure environments.
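The detection difficulty described above can be illustrated from the defender's side: a single run of a built-in tool is normal administrative noise, so a useful rule looks for a burst of several distinct discovery utilities from one host and account in a short window. The code below is an added example, not part of the article or of Microsoft's report; the tool watchlist, the five-minute window, the threshold of three tools and the process-creation events are all assumptions constructed for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed watchlist of built-in Windows networking/discovery utilities
# (the article names no specific tools; these are illustrative).
DISCOVERY_TOOLS = {"ipconfig.exe", "netstat.exe", "net.exe", "nltest.exe",
                   "arp.exe", "route.exe", "nslookup.exe"}

# Constructed process-creation events: (host, user, parent, image, timestamp).
# One user runs a single tool, an admin runs two tools hours apart, and a
# service account runs four different tools within two minutes.
SAMPLE_EVENTS = [
    ("ws01",  "jdoe",    "explorer.exe", "ipconfig.exe", "2023-05-24T09:00:10"),
    ("srv02", "svc_web", "w3wp.exe",     "ipconfig.exe", "2023-05-24T10:15:00"),
    ("srv02", "svc_web", "w3wp.exe",     "netstat.exe",  "2023-05-24T10:15:20"),
    ("srv02", "svc_web", "w3wp.exe",     "net.exe",      "2023-05-24T10:15:45"),
    ("srv02", "svc_web", "w3wp.exe",     "nltest.exe",   "2023-05-24T10:16:30"),
    ("srv03", "admin",   "cmd.exe",      "arp.exe",      "2023-05-24T11:00:00"),
    ("srv03", "admin",   "cmd.exe",      "route.exe",    "2023-05-24T14:30:00"),
]

def parse(event):
    host, user, parent, image, ts = event
    return host, user, parent, image.lower(), datetime.fromisoformat(ts)

def find_discovery_bursts(events, window=timedelta(minutes=5), min_distinct=3):
    """Return (host, user, parent, tools) for every host/user pair that ran at
    least `min_distinct` different watchlisted tools within `window`.
    A lone ipconfig or two tools hours apart do not fire; a burst does."""
    per_actor = defaultdict(list)
    for host, user, parent, image, ts in map(parse, events):
        if image in DISCOVERY_TOOLS:
            per_actor[(host, user)].append((ts, image, parent))
    findings = []
    for (host, user), runs in per_actor.items():
        runs.sort()  # chronological order
        for i, (start, _, parent) in enumerate(runs):
            tools = {img for ts, img, _ in runs[i:] if ts - start <= window}
            if len(tools) >= min_distinct:
                # Report the parent of the first tool in the burst to aid triage.
                findings.append((host, user, parent, sorted(tools)))
                break  # one finding per actor is enough for an alert
    return findings

if __name__ == "__main__":
    for finding in find_discovery_bursts(SAMPLE_EVENTS):
        print("discovery burst:", finding)
```

The same logic applied to a tool-name-only signature would alert on all three hosts, which is the noise problem the "living off the land" description refers to.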

Microsoft further assessed with moderate confidence that the Volt Typhoon campaign aims to develop capabilities that could disrupt critical communications infrastructure between the US and the Asia region in future crises.

Canada’s cybersecurity agency said it had not yet received reports of Canadian victims, but emphasized how interconnected Western economies are and that an attack on one could affect the others.