Microsoft on Chinese hackers: American multinational technology corporation Microsoft has made a huge claim, stating that state-backed Chinese hackers have been targeting US critical infrastructure. In a blog post, it also claimed that the hackers could be laying the technical groundwork for the potential disruption of critical communications between the US and Asia during future crises.
According to the corporation, the targets include sites in Guam, where the US has a substantial military presence. It further claimed that the state-sponsored hacking group, known as Volt Typhoon, has been operating since mid-2021.
Organisations in the communications, manufacturing, utilities, transportation, construction, maritime, information technology, and educational sectors have been targeted by the hacking, which aims to gain persistent access, it added.
Joint advisory sharing technical details published
Separately, the National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and their counterparts from Australia, New Zealand, Canada and Britain published a joint advisory sharing technical details on “the recently discovered cluster of activity.”
A Microsoft spokesman would not say why the software giant was making the announcement now or whether it had recently seen an uptick in targeting of critical infrastructure in Guam or at adjacent U.S. military facilities there, which include a major air base.
John Hultquist, chief analyst at Google’s Mandiant cybersecurity intelligence operation, called Microsoft’s announcement “potentially a really important finding.”
“We don’t see a lot of this sort of probing from China. It’s rare,” Hultquist said, as per The Associated Press (AP). “We know a lot about Russian and North Korean and Iranian cyber-capabilities because they have regularly done this.” China has generally withheld use of the kinds of tools that could be used to seed, not just intelligence-gathering capabilities, but also malware for disruptive attacks in an armed conflict, he added.
'Intruders got access through internet-facing Fortiguard devices'
Microsoft said the intrusion campaign placed a “strong emphasis on stealth” and sought to blend into normal network activity by hacking small-office network equipment, including routers. It said the intruders gained initial access through internet-facing Fortiguard devices, which are engineered to use machine-learning to detect malware.
The maker of Fortiguard devices, Fortinet, did not immediately respond to an email seeking further details.
China accused of stealing data from across the world
“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe,” said CISA Director Jen Easterly, urging mitigation of affected networks to prevent possible disruption. Bryan Vorndran, the FBI cyber division assistant director, called the intrusions “unacceptable tactics” in the same statement.
Tensions between Washington and Beijing, which the US national security establishment considers its main military, economic and strategic rival, have been on the rise in recent months.
(With inputs from AP)