Microsoft says China cyber espionage group Volt Typhoon attacked and compromised critical US infrastructure

Microsoft has issued a formal warning, stating that a hacking group supported by the Chinese government has successfully breached vital infrastructure within the United States. The primary objective of this intrusion is to disrupt the communication channels connecting the US and Asia in the event of a crisis.

In a rare public statement about a breach, the US-based technology group disclosed that a hacking group known as "Volt Typhoon" has been active since mid-2021. Microsoft said the hackers penetrated organizations across different sectors by exploiting weaknesses in a widely used cybersecurity platform named FortiGuard.

“In this campaign, the affected organisations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors,” Microsoft said. Furthermore, Microsoft emphasized that the actions of the hacking group have primarily centered on gathering intelligence and engaging in espionage, rather than seeking to immediately instigate disruptive consequences.

It added: “Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”

Microsoft has announced that it has notified customers who have been specifically targeted or compromised, and has strongly advised them to promptly close or enhance the security of their accounts.

On Wednesday, US and international cybersecurity authorities jointly issued an advisory on Volt Typhoon. The advisory warns about both this group's activities and broader Chinese state-sponsored cyber threats.

Rob Joyce, cyber security director of the US National Security Agency, said: “A PRC state-sponsored actor is living off the land, using built-in network tools to evade our defences and leaving no trace behind. That makes it imperative for us to work together to find and remove the actor from our critical networks.”

“Living off the land” refers to cyber attacks that use legitimate tools already installed on a person’s devices to carry out a hack, making them far more difficult to detect than traditional malware attacks that typically require a victim to download files.

John Hultquist, chief analyst at Mandiant Intelligence — a cyber defence service owned by Google — said the Volt Typhoon hack was “aggressive and potentially dangerous”.

“Chinese cyberthreat actors are unique among their peers in that they have not regularly resorted to destructive and disruptive cyber attacks. As a result, their capability is quite opaque. This disclosure is a rare opportunity to investigate and prepare for this threat.”
