BOSTON: State-backed Chinese hackers have been targeting US critical infrastructure and could be laying the technical groundwork for the potential disruption of critical communications between the US and Asia during future crises, Microsoft said Wednesday. The targets include sites in Guam, where the US has a major military presence, it said.
Microsoft said the state-sponsored group of hackers, which it calls Volt Typhoon, has been active since mid-2021. It said organisations affected by the hacking are in the communications, manufacturing, utility, transportation, construction, maritime, information technology and education sectors.
Separately, the National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and their counterparts from Australia, New Zealand, Canada and Britain published a joint advisory sharing technical details on “the recently discovered cluster of activity”.
A Microsoft spokesman would not say why the software giant was making the announcement now.
John Hultquist, chief analyst at Google’s Mandiant cybersecurity intelligence operation, called Microsoft’s announcement “potentially a really important finding”. “We don’t see a lot of this sort of probing from China.”
Microsoft said the intrusion campaign sought to blend into normal network activity by hacking small-office network equipment, including routers. It said the intruders gained access through internet-facing FortiGuard devices, which are engineered to use machine learning to detect malware. The maker of FortiGuard devices, Fortinet, did not respond to an email.