Western intelligence agencies and Microsoft say a Chinese state-sponsored hacking group has spied on a wide range of critical U.S. infrastructure institutions, from telecommunications to transportation hubs.
Microsoft said in a report that the espionage targeted the island of Guam, home to strategic U.S. military bases, and that "mitigating the effects of this attack could be a difficult challenge."
China and the United States are used to spying on each other, but analysts say the attacks are one of the largest known cyber espionage operations against critical U.S. infrastructure.
Chinese Foreign Ministry spokeswoman Mao Ning said on Thursday that the hacking allegations were a "mass disinformation campaign" by the "Five Eyes" countries, referring to an intelligence-sharing group that includes the United States, Canada, New Zealand, Australia and the United Kingdom.
She noted that Washington launched the campaign for geopolitical reasons, and that a local Microsoft report showed that the U.S. government uses institutions other than government agencies in disinformation campaigns.
"But regardless of the diverse methods used, none of this can change the fact that the United States is a hacking empire," she said at a regular news conference in Beijing.
Experts say Volt Typhoon develops capabilities that could disrupt critical communications infrastructure (Reuters)
It was not immediately clear how many organizations were affected, but the US National Security Agency said it was working with partners including Canada, New Zealand, Australia and the United Kingdom, as well as the FBI, to determine the extent of the breaches.
Canada, the United Kingdom, Australia and New Zealand have warned they could be targeted by hackers as well.
Microsoft analysts said they had "medium confidence" that the Chinese group, dubbed Volt Typhoon, was developing capabilities that could disrupt critical communications infrastructure between the United States and the Asian region during future crises.
John Hultquist, head of threat analysis at Google's Mandiant Intelligence, said the Chinese activity is also unique and worrying, because analysts don't yet have enough insight into the group's capability.
Targeting military infrastructure
As China stepped up military and diplomatic pressure in its claim to the self-ruled island of Taiwan, U.S. President Joe Biden said he was ready to use force to defend it.
Security analysts expect Chinese hackers to try to target U.S. military networks and other critical infrastructure if China attacks Taiwan.
Microsoft said the Chinese hacking group has been active since at least 2021, targeting several sectors including telecommunications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education.
NSA cybersecurity director Rob Joyce noted that the Chinese attacks use "built-in network tools to evade our defenses and leave no trace behind."
Microsoft said that, in contrast to traditional hacking techniques, the group infects the targets' existing systems to find information and extract data.
Microsoft says 'Chinese hacking group' has been active since at least 2021 (Reuters)
Guam is the target
Guam is home to U.S. military installations that could play a key role in responding in the event of conflict in the Asia-Pacific region, and is a major communications hub linking Asia and Australia to America via several submarine cables.
Bart Hogeveen, a senior analyst at the Australian Strategic Policy Institute who specialises in state-sponsored cyberattacks in the region, said submarine cables had made Guam a "logical target for the Chinese government" for intelligence.
New Zealand said it would work to identify any such malicious cyber activity in the country.
Australian Home Affairs and Cybersecurity Minister Clare O'Neil said: "It is important for our country's national security that we deal transparently and openly with Australians about the threats we face."
The Canadian Cybersecurity Agency explained that there have been no reports so far of Canadian victims of this hacking, adding that "Western economies are strongly interconnected," and said, "A lot of our infrastructure is closely integrated, and an attack on one can affect the other."