State-sponsored hackers based in China have been working to compromise critical infrastructure in the U.S., Microsoft said on Wednesday. It’s thought the attacks could lead to the disruption of important communications between the U.S. and its interests in Asia during future crises.
Notable target sites include Guam, a small island in the Pacific with an important U.S. army base that could play an important role in any clash with China over Taiwan.
The malicious activity, which is believed to be ongoing, is apparently the work of Volt Typhoon, a group that’s been active since 2021 and typically focuses on espionage and information gathering. Microsoft became aware of the action in February, around the time when the Chinese spy balloon was brought down off the coast of South Carolina, according to a New York Times report.
A large number of sectors are impacted by Volt Typhoon’s efforts and include communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education. “Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible,” the computer giant said.
The hacking group has been able to infiltrate targeted organizations using a vulnerability in a cybersecurity suite called FortiGuard, Microsoft explained. Once it’s managed to access the target’s system, it nabs user credentials from FortiGuard and then uses them in attempts to infiltrate other systems.
Microsoft said that as with any observed activity of this nature, it has directly notified targeted or compromised customers and provided them with the necessary instructions for securing their systems.
Jen Easterly, director of America’s cyber defense agency (CISA), said in a statement published on Wednesday: “For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe.”
Easterly added: “Today’s advisory highlights China’s continued use of sophisticated means to target our nation’s critical infrastructure, and it gives network defenders important insights into how to detect and mitigate this malicious activity … We encourage all organizations to review the advisory, take action to mitigate risk, and report any evidence of anomalous activity. We must work together to ensure the security and resilience of our critical infrastructure.”