Microsoft says China-sponsored hackers targeted infrastructure

US tech giant says attacks targeted communications and other infrastructure in Guam and elsewhere.


Taipei, Taiwan – Microsoft and the “Five Eyes” network of Western intelligence partners have accused Chinese state-sponsored hackers of carrying out attacks against critical infrastructure in the United States.

Volt Typhoon, a Chinese state-sponsored hacking group linked to espionage activities in the past, was behind the attacks, which relied on techniques that could also be applied in countries other than the US, spy and cybersecurity agencies from Australia, Canada, New Zealand, the United Kingdom and the US said on Thursday.

Microsoft said in a separate statement the campaign had been active since mid-2021 and targeted the manufacturing, utility, transportation, construction, maritime, government, information technology and education sectors in Guam and elsewhere in the US.

China, meanwhile, accused the US and its allies of waging a “disinformation campaign”.

“This is an extremely unprofessional report with a missing chain of evidence. This is just scissors-and-paste work,” foreign ministry spokeswoman Mao Ning said, claiming the allegations were “a collective disinformation campaign of the Five Eyes coalition countries”.

Microsoft said it had “moderate confidence” the attack was aimed at disrupting “critical communications infrastructure between the United States and Asia region during future crises”.

Such a crisis would likely include an attack or blockade targeting Taiwan, an island democracy of 23 million people, which is claimed by China and is the focus of much of Beijing’s military activity.

Beijing has pledged to “reunify” with Taiwan by 2049 and has not ruled out the use of force.

The US is treaty-bound to help Taiwan defend itself, and its military bases in Guam, a US territory in the western Pacific, and elsewhere in Asia would likely play a key role during any political or military crisis.

In a joint advisory, Western intelligence and cybersecurity agencies outlined ways to identify the cyber-campaign and protect infrastructure from attacks.

“Private sector partners have identified that this activity affects networks across US critical infrastructure sectors and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide,” the statement said.

Microsoft said the Volt Typhoon campaign relies on “living off the land” attacks – or file-less malware that uses a target’s existing programs to carry out attacks rather than installing files itself – and “hands-on-keyboard” activity.

The tech giant said Volt Typhoon blends in with normal network activity by routing data through office and home networking equipment like routers, firewalls and VPNs, making the activity extremely difficult to detect.

Microsoft said the campaign uses phishing and other techniques to “perform espionage and maintain access without being detected for as long as possible”.

The reported cyber-intrusion comes months after the US in February shot down a Chinese spy balloon believed to be collecting information about US military and nuclear sites, straining already fraught US-China relations.

Beijing denied the allegations of spying and said the balloon was for civilian use.

US President Joe Biden, who has made confrontation with China a key pillar of his foreign policy, has recently pursued a thaw in relations, including setting up a meeting between US National Security Adviser Jake Sullivan and top Chinese diplomat Wang Yi in Vienna at the start of May.

Source: Al Jazeera