A shadowy Chinese government-backed hacking group attacked critical U.S. networks, including in Guam, where it may have spied on the U.S. to gain an edge ahead of future crises, according to a Microsoft report and U.S. government advisory.
Microsoft said the organization, dubbed “Volt Typhoon,” has been active since 2021 to break into so-called “critical infrastructure” in Guam and other U.S. sites with the intent to secure long-term hidden access to networks and conduct espionage, according to a report published Wednesday. While targets spanned the U.S., Microsoft highlighted infiltration of national security-specific infrastructure in Guam, an important U.S. territory and military outpost in the Pacific that would likely serve as the front-line of U.S. defenses in the event of a conflict over Taiwan.
“This Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” Microsoft wrote. “Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.” (RELATED: Marine Corps Opens First New Base In Decades To Counter Potential Chinese Invasion Of Taiwan)
China is known to spy on sensitive U.S. defense sites. Earlier in 2023, the Department of Defense revealed China has coordinated regular spy balloon flights over Guam and Hawaii.
Volt Typhoon’s methods of intrusion are particularly difficult to detect because the techniques used replicate legitimate network activity and take advantage of poorly-guarded home or office routers. The hackers spied on U.S. communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education sectors, according to Microsoft.
Another research organization later added that it, too, had identified instances of Volt Typhoon activities “primarily targeting U.S. defense and government” networks for espionage purposes, Reuters reported. Hackers sought out information that would “shed light on U.S. military activities,” Marc Burnard of Secureworks told the outlet.
The National Security Agency issued a joint advisory the same day with counterparts from New Zealand and Australia to governments and private sector entities, warning that other sectors worldwide could fall prey to the hackers. The notice provided instructions on how to bolster defenses against Volt Typhoon and detect signs of infiltration.
PRC has a long history of targeting US critical infrastructure. As noted by @ODNIgov, the PRC “probably represents the broadest, most active & persistent cyber espionage threat” & is “almost certainly capable of launching cyberattacks that could disrupt critical infrastructure.”
— Jen Easterly🛡️ (@CISAJen) May 24, 2023
“We recognize the actor from a series of intrusions that have targeted air, maritime and land transportation targets, as well as other organizations,” John Hultquist, chief analyst at Google’s Mandiant Intelligence, told The Washington Post. “There are a variety of reasons actors target critical infrastructure, but a persistent focus on these sectors may indicate preparation for disruptive or destructive cyberattack.”
In response to the advisory, China on Thursday accused the U.S. of waging a “disinformation campaign” and hypocritically singling out Beijing when U.S. cyber forces also seek to penetrate and maintain a foothold in adversaries’ networks.
“We noted this extremely unprofessional report – a patchwork with a broken chain of evidence,” Foreign Ministry spokesperson Mao Ning said.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.