According to Western intelligence agencies and Microsoft, a state-sponsored Chinese hacker group, known as 'Volt Typhoon,' has been surveilling various critical infrastructure sectors in the United States, ranging from telecom services to transportation systems.
Microsoft's report, released on Wednesday, highlighted that this covert operation also targeted Guam, a U.S. island territory housing crucial American military bases. The tech giant underscored that countering this intrusion could prove challenging.
The hacking campaign is one of the most extensive Chinese cyber-espionage endeavors against American critical infrastructure in recent times, according to security analysts. Yet, Chinese foreign ministry spokesperson Mao Ning countered these allegations on Thursday, describing them as a "collective disinformation campaign" by the Five Eyes nations - the U.S., Canada, New Zealand, Australia, and the UK.
Mao asserted that the campaign was orchestrated by the U.S. for geopolitical motives and exemplifies the widening scope of disinformation beyond government agencies. "But no matter what varied methods are used, none of this can change the fact that the United States is the empire of hacking," she remarked during a press conference in Beijing.
The full range of affected organizations remains unclear. Still, the U.S. National Security Agency (NSA) has joined forces with its counterparts from Canada, New Zealand, Australia, and the UK, as well as the U.S. Federal Bureau of Investigation, to identify the breaches. All these countries cautioned that they, too, could fall prey to such cyber threats.
According to Microsoft analysts, 'Volt Typhoon' may be developing the means to disrupt critical communication infrastructure connecting the U.S. and Asia during future crises. "It means they are preparing for that possibility," noted John Hultquist, head of threat analysis at Google's Mandiant Intelligence.
Increasing Chinese military and diplomatic coercion over Taiwan, a democratically governed territory claimed by Beijing, has spurred U.S. President Joe Biden to commit to Taiwan's defense, potentially through force. Security analysts predict that if China invades Taiwan, Chinese hackers might target U.S. military networks and other vital infrastructure.
Western cyber agencies, including the NSA, urged organizations that operate critical infrastructure to follow their technical guidance for detecting and thwarting malicious activity. "It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems," warned Paul Chichester, director at the UK's National Cyber Security Centre, in a statement issued jointly with the NSA.
Operating since at least 2021, the Chinese hacker group has infiltrated various industries, including communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education, Microsoft revealed. The group employs a novel strategy: rather than relying on conventional hacking techniques, it infects existing systems to gather information and extract data.
The NSA's cybersecurity director, Rob Joyce, warned that this group is using "built-in network tools to evade our defenses and leaving no trace behind." Such methods are challenging to identify since they exploit "capabilities already built into critical infrastructure environments," he elaborated.
Given its strategic position as a significant communications hub connecting Asia and Australia to the U.S. through multiple submarine cables, Guam appears to be a viable target for Chinese espionage, said Bart Hogeveen, a senior analyst at the Australian Strategic Policy Institute.