Boston. Microsoft said on Wednesday that Chinese government-sponsored hackers are attacking critical US infrastructure and could be laying the technical groundwork for the potential disruption of critical communications between the US and Asia during a future crisis.
The targets include facilities on Guam, where the United States has a significant military presence, the company said.
Hostile activity in cyberspace—from espionage to pre-positioning malware for possible future attacks—has become a hallmark of modern geopolitical rivalry.
Microsoft noted in a blog post that the state-backed hacker group, which it refers to as Volt Typhoon, has been operational since mid-2021.
The company said the organizations most affected by the campaign, which sought to maintain persistent access, include the telecommunications, manufacturing, utilities, transportation, construction, maritime, information technology and education sectors.
Separately, the National Security Agency, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency, and their counterparts in Australia, New Zealand, Canada, and Great Britain released a joint advisory sharing technical details of the group's “recent” activity.
A Microsoft spokeswoman declined to say why the tech giant was making the announcement at this time or whether it has recently seen an increase in attacks on critical infrastructure on Guam or on nearby US military installations in the region, which include a major Air Force base.
John Hultquist, principal analyst for Google’s Mandiant cyber security intelligence operation, said Microsoft’s announcement was “probably a really important finding.”
“We do not see many reports of this type from China. They’re unusual,” he said. “We know a lot about the cyber capabilities of Russia and North Korea and Iran because they’ve been doing this on a regular basis.”
He said China has generally avoided using the kind of tools that could be used not only to establish intelligence-gathering capabilities but also to plant malware for damaging attacks during an armed conflict.
Microsoft said the intrusion campaign had “a strong emphasis on stealth” and attempted to blend in with normal network activity by compromising small office network equipment, including routers.
Microsoft said the intruders initially gained access through FortiGuard devices, which are designed to use machine learning to detect malware.