The United States, its Western allies, and Microsoft have issued a warning that state-sponsored Chinese hackers have successfully infiltrated critical US infrastructure networks. They also cautioned that similar espionage attacks may be taking place worldwide.
China's Foreign Ministry has called the allegations a "disinformation campaign."
Microsoft said the Guam territory in the Pacific Ocean, home to US military bases, was one of the targets. The tech giant said "malicious" activities had happened in other parts as well and that "mitigating this attack could be challenging."
Microsoft analysts said they had "moderate confidence" that a Chinese group, which Microsoft dubbed "Volt Typhoon," was developing capabilities that could disrupt critical communications infrastructure between the US and the Asia region during future crises.
Volt Typhoon's attacks began in mid-2021 and appear to be aimed at undermining the US in the event of a regional conflict.
The affected organizations span various sectors, including communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education.
In a coordinated effort, US, Australian, Canadian, New Zealand, and UK authorities released an advisory stating that the cyber actor behind Volt Typhoon is backed by the Chinese government and that similar hacking activities are likely occurring on a global scale.
The advisory warned that the hacking operations impact critical infrastructure sectors in the US and cautioned that the same techniques could be employed against other sectors worldwide.
The US and its allies emphasized that the hackers employed "living off the land" tactics, exploiting built-in network tools to blend in with normal Windows systems. These tactics allowed them to incorporate seemingly harmless system administration commands into their operations.
To mask their activities, the hackers routed their traffic through compromised small office and home office network equipment, such as routers, firewalls, and VPN hardware. Microsoft also noted the use of customized versions of open-source tools by the attackers.
In response to these threats, Microsoft and security agencies released guidelines to aid organizations in detecting and countering these cyber intrusions.
China said the allegations from Microsoft and the US and its allies lacked solid proof.
"This is an extremely unprofessional report with a missing chain of evidence, this is just scissors-and-paste work," Foreign Ministry spokeswoman Mao Ning said.
She said the claims were "a collective disinformation campaign" initiated by Washington.
Mao said the US itself was "a hacker empire" and "was expanding new channels for disseminating disinformation."
John Hultquist, chief analyst at US cybersecurity company Mandiant, said that while China and Russia have historically targeted critical infrastructure, Volt Typhoon provides new insights into Chinese hacking.
He described Chinese cyber threat actors as unique, as they have not frequently resorted to destructive and disruptive cyber attacks, making their capabilities less transparent. The disclosure of these activities presents a rare opportunity to investigate and prepare for this specific threat, he said.
tg/nm (AFP, Reuters)