Chinese malware targeting critical infrastructure, warn Microsoft and US government

Microsoft security researchers have uncovered a Chinese-sponsored hacking campaign targeting critical infrastructure in Guam and other unspecified locations in the United States, the tech giant warned Wednesday. The hacking operation, codenamed “Volt Typhoon,” has been active since mid-2021 and “could disrupt critical communications infrastructure between the United States and the Asia region in future crises.”

Microsoft did not detect any offensive attacks, but noted that Chinese hackers and military regularly prioritize espionage and information gathering over destruction.

US federal law enforcement and intelligence agencies, including the FBI, NSA and the Cybersecurity and Infrastructure Security Agency (CISA), released a bulletin on Wednesday outlining the current Volt Typhoon operational manual as well as a code roadmap allowing potential victims to detect the intruder.

According to the bulletin, authorities “recently uncovered” the activity group. “Private sector partners have identified that this activity affects networks in critical infrastructure sectors in the United States, and the author agencies believe that the actor could apply the same techniques against these sectors and others around the world” , continues the brief.

China on Thursday denied the latest hacking allegation, calling it a US disinformation campaign, according to Reuters news agency. “Relevant reports from Western agencies have no evidence,” Reuters quoted Chinese Foreign Ministry spokesman Mao Ning in a regular press briefing.

US intelligence agencies first discovered the malware in February, around the same time the US shot down a Chinese spy balloon, The New York Times first reported. The activity of the Chinese-sponsored hacking group would have alarmed US officials, given its proximity to Andersen Air Force Base. Guam’s naval port would play an extremely important role in launching any US military response to a Taiwanese invasion.

“Attacks on our critical infrastructure in the event of a Chinese invasion of Taiwan are unfortunately not outlandish,” said CISA Director Jen Easterly. warned in February.

At the time, Easterly called the threat of cyber intrusions “much more dangerous” than China’s surveillance balloon.

“Our country is subject to cyber intrusions from the Chinese government every day, but these intrusions rarely make national headlines,” Easterly said. “These intrusions can cause real harm to our nation, resulting in the theft of our intellectual property and personal information; and even more detrimental, establishing a foothold to disrupt or destroy the computing and physical infrastructure that Americans rely on every hour of every day – for our electricity, water, transportation, communications, healthcare and much more.

Once Volt Typhoon gains access to a network, it steals user credentials in order to gain access to other computer systems, according to Microsoft. “The observed behavior suggests that the threat actor intends to eavesdrop and maintain access undetected for as long as possible,” Microsoft security researchers noted in Wednesday’s blog post. .

Microsoft warned that the affected organizations cover almost all critical infrastructure sectors, including “communications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education”.

Microsoft urged affected customers to “close or change credentials for all compromised accounts.”

As it did on Thursday, China has consistently denied hacking into US networks, even after US investigators accused the People’s Republic of China of stealing the the personal information of millions of current and former federal workers under the Obama administration.

The Biden White House hastily established cybersecurity standards for critical infrastructure after elevate ransomware attackslike the 2021 offensive linked to Russia on the colonial pipeline, to a question of national security.