US critical infrastructure hacked, Chinese government-backed group blamed
The United States and its cybersecurity allies blame a Chinese government-backed hacking group for spying on critical US infrastructure organizations, including organizations in the island territory of Guam, which is home to strategic military bases.
Microsoft and Western intelligence agencies said in separate reports on Wednesday that the hackers had managed to insert computer code that blended into Microsoft Windows systems and evaded detection while maintaining access and gathering information.
In a separate statement, Microsoft said a state-sponsored Chinese hacking group, dubbed 'Volt Typhoon', had carried out the hack.
The group, it said, targeted organizations from telecommunications to transportation hubs, Western intelligence agencies and Microsoft itself, as well as the crucial US military outpost of Guam in the Pacific Ocean.
Guam is a major communications hub connecting Asia and Australia to the United States by multiple submarine cables.
“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the tech company said.
It added, “Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.”
Microsoft analysts said they had "moderate confidence" that this group was developing capabilities that could disrupt critical communications infrastructure between the United States and the Asia region in any future crises.
"It means they are preparing for that possibility," added John Hultquist, who heads threat analysis at Google's Mandiant Intelligence.
Hultquist said the Chinese activity is unique and also worrying because analysts don't yet have enough visibility into what this group might be capable of.
"There is greater interest in this actor because of the geopolitical situation," he noted.
Security analysts warned that the hackers could target US military networks and other critical infrastructure if China attacks Chinese Taipei (Taiwan).
It was not immediately clear how many organizations were affected, or what information may have been gleaned.
ME