Microsoft accuses Chinese-backed hackers of paving the way to attack “critical infrastructure” in the US.
Microsoft has claimed that state-backed Chinese hackers have been targeting critical US infrastructure. In a blog post, the company also said the hackers could be laying the technical groundwork for the possible interruption of critical communications between the US and Asia during future crises.
According to the corporation, the targets include sites on Guam, where the United States has a substantial military presence. It also said that the state-sponsored hacking group, known as Volt Typhoon, has been operating since mid-2021.
Organizations in the communications, manufacturing, utilities, transportation, construction, shipping, information technology and education sectors have all been targeted, with the goal of gaining persistent access, it added.
Joint advisory shares technical details
Separately, the National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and their counterparts from Australia, New Zealand, Canada and Great Britain released a joint advisory sharing technical details about “group activity recently discovered.”
A Microsoft spokesman would not say why the software giant was making the announcement now or whether it had recently seen a spike in attacks on critical infrastructure on Guam or adjacent US military installations there, which include a major airbase.
John Hultquist, chief analyst at Google’s Mandiant cybersecurity intelligence operation, called Microsoft’s announcement “a potentially very important finding.”
“We don’t see much of this type of research in China. It’s weird,” Hultquist said, according to The Associated Press (AP). “We know a lot about the cyber capabilities of Russia, North Korea, and Iran because they have done it regularly.” China has generally withheld use of the kinds of tools that could be used to seed not just intelligence-gathering capabilities, but also malware for disruptive attacks in armed conflict, he added.
‘The intruders gained access through Fortiguard devices with Internet access’
Microsoft said the intrusion campaign placed a “strong emphasis on stealth” and sought to blend in with normal network activity by hacking into small office network equipment, including routers. It said the intruders gained initial access through Internet-facing Fortiguard devices, which are designed to use machine learning to detect malware.
The maker of the Fortiguard devices, Fortinet, did not immediately respond to an email seeking more details.
China accused of stealing data from around the world
“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the world,” said CISA Director Jen Easterly, urging mitigation of affected networks to prevent potential disruption. Bryan Vorndran, deputy director of the FBI’s cyber division, called the intrusions “unacceptable tactics” in the same statement.
It is worth mentioning here that tensions between Washington and Beijing, which the US national security establishment considers its main military, economic and strategic rival, have increased in recent months.
(With contributions from AP)