China-based state-sponsored hackers have been working to compromise critical infrastructure in the U.S., Microsoft said on Wednesday. It is believed that the attacks could lead to the disruption of important communications between the United States and its interests in Asia during future crises.
Notable target sites include Guam, a small island in the Pacific with a major US Army base that could play a significant role in any confrontation with China over Taiwan.
The malicious activity, believed to be ongoing, is apparently the work of Volt Typhoon, a group that has been active since 2021 and typically focuses on espionage and information gathering. Microsoft became aware of the activity in February, around the time the Chinese spy balloon was shot down off the coast of South Carolina, according to a New York Times report.
Volt Typhoon's efforts affect a large number of sectors, including communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education. “The observed behavior suggests that the threat actor intends to perform espionage and maintain access undetected for as long as possible,” the computer giant said.
The hacking group has been able to infiltrate specific organizations using a vulnerability in a cybersecurity suite called FortiGuard, Microsoft explained. Once it gains access to the target’s system, it obtains the FortiGuard user credentials and then uses them in attempts to infiltrate other systems.
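The pattern described above, credentials taken from one compromised device and then reused against other systems, leaves a trace that defenders can look for: a single account authenticating to an unusual number of distinct hosts in a short window. The following is an added example, not code from the article or from Microsoft; the log format, the field names and every log line are constructed for illustration, and the thresholds are assumptions to be tuned per environment.

```python
"""
Added example (not from the article): flag an account whose credentials are
being replayed against many hosts in a short window, a signal for the
credential-reuse behaviour the article attributes to Volt Typhoon.
Log format and all sample lines are constructed; thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log.
# Assumed format per line: "<ISO timestamp> <user> <source_ip> <target_host> <result>"
SAMPLE_LOG = """\
2023-02-10T09:00:01 svc_backup 10.0.5.20 fw-edge-01 success
2023-02-10T09:03:12 svc_backup 10.0.5.20 app-01 success
2023-02-10T09:04:40 svc_backup 10.0.5.20 db-02 success
2023-02-10T09:05:05 svc_backup 10.0.5.20 hr-fileshare success
2023-02-10T09:06:30 svc_backup 10.0.5.20 dc-01 failure
2023-02-10T09:30:00 jsmith 10.0.7.14 mail-01 success
2023-02-10T10:15:00 jsmith 10.0.7.14 app-01 success
"""


def parse_line(line):
    """Split one constructed log line into a dict with a parsed timestamp."""
    ts, user, src, host, result = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "user": user,
        "src": src,
        "host": host,
        "result": result,
    }


def find_credential_reuse(log_text, max_hosts=3, window=timedelta(minutes=15)):
    """
    Return {user: sorted list of distinct hosts} for every user that attempted
    authentication against more than `max_hosts` distinct hosts inside any
    sliding `window`. Failed attempts count too: the article describes
    *attempts* to reach other systems, and failures are often the louder signal.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            e = parse_line(line)
            events[e["user"]].append(e)

    flagged = defaultdict(set)
    for user, evs in events.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start until it spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            hosts = {e["host"] for e in evs[start:end + 1]}
            if len(hosts) > max_hosts:
                flagged[user].update(hosts)

    return {user: sorted(hosts) for user, hosts in flagged.items()}


if __name__ == "__main__":
    for user, hosts in find_credential_reuse(SAMPLE_LOG).items():
        print(f"{user}: {len(hosts)} distinct hosts in window -> {hosts}")
```

On the constructed sample, `svc_backup` reaches five hosts (including one failed attempt against `dc-01`) within about seven minutes and is flagged, while `jsmith` touching two hosts over 45 minutes is not. In practice the host threshold should be set per account type, since a service account with a known host list is easier to baseline than an interactive user.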
Microsoft said that as with any observed activity of this nature, it has directly notified targeted or compromised customers and provided them with the necessary instructions to secure their systems.
Jen Easterly, director of the United States Cyber Defense Agency (CISA), said in a statement posted Wednesday: “For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the world.”
Easterly added: “Today’s advisory highlights China’s continued use of sophisticated means to attack our nation’s critical infrastructure, and provides network defenders with important information on how to detect and mitigate this malicious activity… We encourage all organizations to review the notice, take action to mitigate risk, and report any evidence of anomalous activity. We must work together to ensure the security and resilience of our critical infrastructure.”