It was not immediately clear how many organizations were affected, but the US National Security Agency (NSA) said it was working with partners including Canada, New Zealand, Australia and the UK, as well as the US Federal Bureau of Investigation, to identify the gaps. Canada, Great Britain, Australia and New Zealand have warned that they could also be targeted by hackers.
Microsoft analysts said they have “moderate confidence” that this Chinese group, which they have dubbed “Volt Typhoon,” is developing capabilities that could disrupt critical communications infrastructure between the United States and the Asian region during future crises.
“It means they’re preparing for that possibility,” said John Hultquist, who leads threat analysis at Google’s Mandiant Intelligence.
The Chinese activity is also unique and worrisome because analysts don’t yet have enough visibility into what this group might be capable of, he added.
“There is a greater interest in this actor because of the geopolitical situation.”
As China has stepped up military and diplomatic pressure to reclaim democratically-ruled Taiwan, US President Joe Biden has said he would be willing to use force to defend Taiwan.
Security analysts expect Chinese hackers could target US military networks and other critical infrastructure if China invades Taiwan.
The NSA and other Western cyber agencies have urged companies that operate critical infrastructure to identify malicious activity with the help of technical guidance they have issued.
“It is vital that operators of critical national infrastructure take steps to prevent attackers from hiding in their systems,” Paul Chichester, director of the UK’s National Cyber Security Centre, said in a joint statement with the NSA.
Microsoft said the group of Chinese hackers has been active since at least 2021 and has targeted multiple industries, including communications, manufacturing, utilities, transportation, construction, marine construction, government, information technology and education.
The NSA’s director of cybersecurity, Rob Joyce, said the Chinese campaign used “embedded network tools to circumvent our defenses and leave no trace behind.” Such techniques are harder to detect because they use “capabilities already integrated into critical infrastructure environments,” he added.
Unlike traditional hacking techniques, which often involve tricking the victim into downloading malicious files, Microsoft said this group works from the victim’s existing systems to find information and extract data.
“A logical target for the Chinese government”
Guam hosts US military installations that would be essential to respond to any conflict in the Asia-Pacific region. It is also an important communications center linking Asia and Australia to the United States via several submarine cables.
Bart Hoggeveen, a senior analyst at the Australian Strategic Policy Institute who specializes in state-sponsored cyber attacks in the region, said the undersea cables made Guam “a logical target for the Chinese government” to seek information.
“There is a high vulnerability when cables land on shore,” he said.
New Zealand has said it will make efforts to identify any such malicious cyber activity in its country.
“It is important to our country’s national security that we are transparent and honest with Australians about the threats we face,” said Australia’s Home Affairs and Cyber Security Minister, Clare O’Neil.
The Canadian Cyber Security Agency said it has so far had no reports of Canadian victims of this cyber attack. “However, Western economies are deeply interconnected,” it added. “Much of our infrastructure is tightly integrated and an attack on one can impact the other.”