Microsoft (NASDAQ:MSFT) and Western intelligence agencies have warned of a state-sponsored Chinese hacking group targeting a wide range of U.S. critical infrastructure organizations, from telecommunications to transportation hubs. The espionage has also targeted the U.S. island territory of Guam, home to strategically important American military bases.
Analysts say this is one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure. The U.S. National Security Agency (NSA) is working with partners including Canada, New Zealand, Australia, and the UK, as well as the U.S. Federal Bureau of Investigation to identify breaches.
Microsoft analysts said they had “moderate confidence” that this Chinese group, which Microsoft dubbed ‘Volt Typhoon’, was developing capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises.
Security analysts expect that Chinese hackers could target U.S. military networks and other critical infrastructure if China invades Taiwan. The NSA and other Western cyber agencies urged companies that operate critical infrastructure to identify malicious activity using the technical guidance they issued.
Microsoft said the Chinese hacking group has been active since at least 2021 and has targeted several industries, including communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education.
Rather than relying on traditional hacking techniques, which often involve tricking a victim into downloading malicious files, the group, Microsoft said, operates through a victim’s existing systems and tools to find information and extract data.
NSA cybersecurity director Rob Joyce said the Chinese campaign was using “built-in network tools to evade our defenses and leaving no trace behind.” Such techniques are harder to detect because they use “capabilities already built into critical infrastructure environments,” he added.
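Because the activity described above uses tools that are already present on the victim's systems, signature matching on malware is of little help; the practical detection handle is context: which account ran a built-in tool, on which host, and from which parent process. The script below is an added example, not code from the article, Microsoft, or the NSA. It reads constructed Windows-style process-creation events, compares each invocation of a watched built-in utility against a per-host baseline of expected accounts and launching processes, and reports only the deviations. The set of watched binaries, the expected parents, the host names, the accounts, and every log line are assumptions made up for the example; the article does not name the tools the group used.

```python
"""
Baseline-deviation detection for living-off-the-land activity.

Added example, not from the article. All host names, accounts, tool sets and
log lines are constructed for illustration.
"""
import csv
from io import StringIO

# Built-in Windows utilities that are routinely used for legitimate administration.
# Which binaries to watch is a defender's choice; this set is an assumption.
WATCHED_TOOLS = {"netsh.exe", "wmic.exe", "ntdsutil.exe", "net.exe"}

# Parents from which an operator would normally launch these tools (assumption).
EXPECTED_PARENTS = {"cmd.exe", "powershell.exe", "explorer.exe", "mmc.exe"}

# Per-host baseline: accounts expected to run the watched tools (constructed).
BASELINE = {
    "EDGE-MGMT01": {"svc_netops", "ops_admin"},
    "FILE-SRV02": {"ops_admin"},
}

# Constructed process-creation events in CSV form; this is not real telemetry.
SAMPLE_LOG = """\
timestamp,host,user,parent_image,image,command_line
2023-05-24T01:12:03Z,EDGE-MGMT01,svc_netops,cmd.exe,netsh.exe,netsh interface show interface
2023-05-24T01:13:47Z,EDGE-MGMT01,WEBAPP$,w3wp.exe,netsh.exe,netsh interface show interface
2023-05-24T02:02:10Z,FILE-SRV02,ops_admin,powershell.exe,wmic.exe,wmic process list brief
2023-05-24T02:05:31Z,FILE-SRV02,ops_admin,explorer.exe,notepad.exe,notepad.exe report.txt
2023-05-24T03:41:19Z,FILE-SRV02,helpdesk7,cmd.exe,net.exe,net user
"""


def parse_events(log_text):
    """Parse CSV-formatted process-creation events into a list of dicts."""
    return list(csv.DictReader(StringIO(log_text)))


def analyze(events, baseline=BASELINE):
    """Return one finding per event that deviates from the baseline.

    An event is examined only if its image is a watched built-in tool. It is
    reported when the account is not in the host's baseline and/or the parent
    process is not one an operator would normally launch the tool from.
    """
    findings = []
    for ev in events:
        image = ev["image"].lower()
        if image not in WATCHED_TOOLS:
            continue  # ordinary binary, not a built-in tool we track
        reasons = []
        if ev["user"] not in baseline.get(ev["host"], set()):
            reasons.append("account not in host baseline")
        if ev["parent_image"].lower() not in EXPECTED_PARENTS:
            reasons.append(f"unexpected parent {ev['parent_image']}")
        if reasons:
            findings.append({
                "timestamp": ev["timestamp"],
                "host": ev["host"],
                "user": ev["user"],
                "tool": image,
                "reasons": reasons,
            })
    return findings


def main():
    """Print the deviations found in the constructed sample log."""
    for f in analyze(parse_events(SAMPLE_LOG)):
        print(f"{f['timestamp']} {f['host']} {f['user']} ran {f['tool']}: "
              + "; ".join(f["reasons"]))


if __name__ == "__main__":
    main()
```

On the sample data the first netsh invocation is silent because a baselined network-operations account launched it from a shell, while the second is reported twice over: a web-server worker process is not an expected parent, and the application's machine account is not baselined on that host. The `net.exe` call from a help-desk account is reported only for the account, since the parent is an ordinary shell. In practice the baseline would be learned from weeks of telemetry per host rather than typed in, and the finding would be enriched with the command line for triage.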
Western governments have urged companies to take action to prevent attackers from hiding on their systems. Microsoft said mitigating this attack could be challenging.