Microsoft warned on Wednesday that Chinese state-sponsored hackers had compromised “critical” US cyberinfrastructure across many industries with a focus on intelligence gathering.
The Chinese hacking group, codenamed “Volt Typhoon”, has been operating since mid-2021, Microsoft said in a notice. The organization is apparently working to disrupt “critical communications infrastructure between the United States and Asia,” Microsoft said, in order to thwart efforts in “future crises.”
The National Security Agency issued a newsletter Wednesday, detailing how the hack works and the response from cybersecurity teams.
The attack is apparently in progress. In the advisory, Microsoft urged affected customers to “close or change credentials for all compromised accounts.”
US intelligence agencies became aware of the incursion in February, around the time a Chinese spy balloon was shot down, The New York Times reported.
At a Thursday briefing in Beijing, a spokesperson for China’s Foreign Ministry dismissed the report and the notices as “full of misinformation” and claimed the United States “is the champion of piracy.” The spokesperson also claimed the report was part of a coordinated campaign by the Five Eyes intelligence-sharing alliance, which is made up of agencies from Australia, Canada, New Zealand, the UK and the United States.
The infiltration focused on communications infrastructure in Guam and other parts of the United States, The Times reported, and was particularly alarming for US intelligence, as Guam is at the heart of a US military response in the event of an invasion of Taiwan.
Volt Typhoon is able to infiltrate organizations using an unnamed vulnerability in a popular cybersecurity suite called FortiGuard, Microsoft said. Once the hacking group gains access to a corporate system, it steals the security suite user’s credentials and uses them to attempt to gain access to other corporate systems.
State-sponsored hackers are not yet looking to cause disruption, Microsoft said. Rather, “the threat actor intends to spy and maintain access undetected for as long as possible.”
Infrastructure in nearly every critical industry has been impacted, Microsoft said, including the communications, transportation and maritime industries. Government organizations have also been targeted.
Chinese government-backed hackers have previously targeted critical and sensitive information from US companies. Covington & Burling, a leading law firm, was hacked by suspected Chinese state-sponsored hackers in 2020.
In a Thursday editorial, state-backed Chinese newspaper China Daily blasted Microsoft’s analysis and warnings from the intelligence community as “political propaganda.”
In a joint statement with international and domestic intelligence, the Cybersecurity and Infrastructure Security Agency warned that Chinese attacks pose a continuing risk to American intellectual property.
“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the world,” CISA Director Jen Easterly said in a statement.