Chinese Hackers Target U.S. Infrastructure: Microsoft Raises Alarm
In a recent warning, Microsoft revealed that Chinese state-sponsored hackers have successfully compromised “critical” cyberinfrastructure in various sectors across the United States, primarily focusing on intelligence gathering. Referred to as “Volt Typhoon,” this hacking group has been active since mid-2021, aiming to disrupt essential communication infrastructure between the U.S. and Asia, potentially impacting future crisis management efforts.
The National Security Agency (NSA) has also issued a bulletin outlining the details of the attack and guiding cybersecurity teams to respond effectively. The attack is reportedly ongoing, prompting Microsoft to advise affected customers to take immediate action by closing or changing credentials for compromised accounts.
The incursion was initially detected by U.S. intelligence agencies in February, coinciding with the downing of a Chinese spy balloon, according to reports in The New York Times. The focus of the infiltration has primarily been on communications infrastructure in Guam and other U.S. locations. This targeting is of particular concern to U.S. intelligence, as Guam plays a crucial role in the American military’s response plans in the event of a potential invasion of Taiwan.
Microsoft disclosed that Volt Typhoon exploits an undisclosed vulnerability in a widely used cybersecurity suite called FortiGuard to access targeted organizations. Once inside a corporate system, the hackers steal user credentials from the security suite and leverage them to infiltrate other systems within the same organization.
According to Microsoft, the objective of these state-sponsored hackers is not immediate disruption but long-term espionage and maintaining undetected access for as long as possible. The impact of the attack spans multiple critical sectors, including communications, transportation, maritime, and government organizations.
This incident adds to a history of Chinese government-backed cyber intrusions targeting sensitive information from U.S. companies. Notably, in 2020, a prominent law firm named Covington and Burling fell victim to suspected Chinese state-sponsored hackers.
In response to this persistent threat, the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint statement with international and domestic intelligence services, emphasizing the ongoing risk posed by Chinese attacks on American intellectual property. CISA Director Jen Easterly highlighted China’s history of aggressive cyber operations aimed at stealing sensitive data and intellectual property globally.