Microsoft warns of cyberattacks on critical U.S. infrastructure

Highlights: Hackers have targeted critical infrastructure in the U.S., according to a blog post from Microsoft's cybersecurity division. The actions can be traced back to a hacker group known as "Volt Typhoon", which has been active since 2021. Microsoft's security researchers are "moderately sure" that the actions are aimed at being able to disrupt "the critical communications infrastructure between the United States and the Asian region" A spokeswoman for the Chinese embassy in Washington DC contradicted the allegations: "The US side's claim that the Chinese government supports 'hacking' is a complete distortion of the truth"

A hacker group is said to have nested in U.S. networks, including on the strategically important Pacific island of Guam. In an emergency, they could have disrupted communication between the United States and Asia.

Zoom Image

U.S. aircraft carriers off Guam: The hackers have also attacked facilities on the Pacific island

Photo: CONNER D. BLAKE / AFP

Suspected state-backed Chinese hackers have targeted critical infrastructure in the U.S., according to a blog post from Microsoft's cybersecurity division. In addition to targets in the heartland of the United States, the attackers have also attacked sites on the Pacific island of Guam, where the United States operates large military bases. According to the company, the actions can be traced back to a hacker group known as "Volt Typhoon", which has been active since 2021.

According to Microsoft, the targets of the hacker attacks include companies and organizations in the fields of communication, production, utilities, transportation, construction, shipping, information technology and education. The practices observed by Microsoft's experts suggest that they are primarily aimed at espionage and try to remain undetected for as long as possible after they have gained access to their victims' systems.

Instead of relying on automatic tools, hackers would rely on manual labor in their actions, for example by using so-called "living off the land" techniques. Roughly speaking, these are based on the fact that the attackers misuse software already available on the target systems for their goals instead of infiltrating their own software. Thus, their activities are harder to detect and leave fewer traces.

Preparatory work for future disruptive actions

In the first step, the attackers were concerned with collecting access data of regular users in the systems and exfiltrating them in order to be able to use them for future actions. Again, the attackers tried to remain undetected by trying to hide their data taps in the normal data streams of the networks.

According to the blog post, Microsoft's security researchers are "moderately sure" that the actions of "Volt Typhoon" are aimed at being able to disrupt "the critical communications infrastructure between the United States and the Asian region" in future crises.

China disagrees

Parallel to Microsoft's blog post, the U.S. cybersecurity agency CISA, together with the FBI, the NSA and the other members of the so-called "Five Eyes Coalition", consisting of British, Canadian, Australian and New Zealand authorities, published a warning about the hacking activities described by Microsoft. Among other things, it states that the attackers could use their methods worldwide. In its statement, the authority provides advice on how system operators can detect the hidden activities of the attackers and better protect themselves from them.

And she leaves no doubt about her assessment that the actions are controlled from China. For years, China has been conducting "aggressive cyber operations to steal intellectual property and sensitive data from organizations around the world," says CISA Director Jen Easterly.

On CNN, a spokeswoman for the Chinese embassy in Washington DC contradicted the allegations: "The US side's claim that the Chinese government supports 'hacking' is a complete distortion of the truth." A spokeswoman for the Foreign Ministry in Beijing described the CISA warning as a "collective disinformation campaign by the Five Eyes coalition".

"Possibly a very important insight"

John Hultquist, chief analyst at Google-owned cybersecurity firm Mandiant, described Microsoft's announcement as a "potentially very important finding". So far, little is known about such exploratory actions emanating from China. "We know a lot about the cyber capabilities of Russia, North Korea and Iran because these states have regularly carried out such actions," says Huiltquist. However, China has so far been reluctant to take actions that not only serve to collect information, but could also be used to spread malware in the event of an armed conflict.

Tensions between Washington and Beijing – considered by the US national security apparatus to be its main military, economic and strategic rival – have increased significantly in recent months. China responded to a visit to Taiwan by then-Speaker of Parliament Nancy Pelosi by conducting military exercises around the island. China has long claimed Taiwan as part of its territory.

U.S.-China relations were further strained earlier this year after the U.S. shot down a suspected Chinese spy balloon as it crossed the United States.

mak/AP

Microsoft warns of cyberattacks on critical U.S. infrastructure

Preparatory work for future disruptive actions

China disagrees

"Possibly a very important insight"

You may like

Trends 24h

Latest