Microsoft said the group of hackers, known as Volt Typhoon, tried to attack US military bases in Guam. China rejects the claims.
Microsoft has warned that state-backed Chinese hackers are targeting critical US infrastructure and could be laying the technical groundwork for possible disruption of communications between the US and Asia during future crises.
The company said the targets include sites in Guam, where the US has a major military presence.
Microsoft said in a blog post on Wednesday that the state-sponsored group of hackers, which it calls Volt Typhoon, has been active since mid-2021.
It said organizations affected by the hacking – which seek frequent access – are in the communications, manufacturing, utility, transport, construction, maritime, information technology and education sectors.
Separately, the National Security Agency, the FBI, the Cyber Security and Infrastructure Security Agency (CISA) and their counterparts in Australia, New Zealand, Canada and the UK – known as the Five Eyes – have conducted technical consultations on “recently discovered”. published a joint advisory sharing the details. group of activity”.
On Thursday, the Chinese government hit back, saying the allegations “lacked evidence” and accused the US of being a “hacking empire”.
Chinese Foreign Ministry spokesman Mao Ning told reporters, “It is clear that this is a collective disinformation campaign by the Five Eyes alliance, launched by the US for geopolitical reasons.”
A Microsoft spokesperson did not say why the software giant is making the announcement now or whether it has recently seen an increase in the targeting of critical infrastructure at US military facilities in or adjacent to Guam, including a major airport. also includes.
John Hultquist, principal analyst for Google’s Mandiant cyber security intelligence operation, called Microsoft’s announcement “potentially a significant discovery.”
“We don’t see a lot of investigations like this from China. It’s rare,” Hultquist said.
“We know a lot about Russian and North Korean and Iranian cyber-capabilities because they have done this regularly”.
He said China has generally stopped short of using such tools that could be used to seed, not only intelligence-gathering capabilities, but also malware for disinformation attacks in an armed conflict.
Microsoft said the intrusion campaign “emphasized stealth” and sought to blend into normal network activity by hacking small-office network equipment, including routers. It said the intruders gained initial access through Internet-facing FortiGuard devices, which are engineered to use machine-learning to detect malware.
“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the world,” said CISA director Jane Easterly, urging the affected networks to be scaled down to prevent potential disruption.
Brian Vorendran, assistant director of the FBI Cyber Division, called the intrusion an “unacceptable tactic” in the same statement.
Tensions between Washington and Beijing – which the US national security establishment considers its main military, economic and strategic rival – have been rising in recent months.
Those tensions followed a visit last year by then-House Speaker Nancy Pelosi to democratically-ruled Taiwan, leading China, which claims the island as its territory, to begin military drills around Taiwan.
US-China relations further tense after US shot down China earlier this year chinese spy balloon that crossed the United States.
Sorry Comments are closed