Chinese state-backed hacking group compromised US critical infrastructure orgs

A Chinese state-sponsored hacking group gained access to critical infrastructure organizations in Guam and other parts of the U.S., Microsoft warned on Wednesday.

The group, which the company calls Volt Typhoon, has attempted to access organizations in “communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.” In one case reported on by the New York Times, the state-backed hackers breached telecommunications networks on the island of Guam, a sensitive U.S. military outpost in the Pacific, and installed a malicious script.

The Microsoft report, which was accompanied by a joint advisory from the Cybersecurity and Infrastructure Security Agency, the NSA and the FBI, as well as cybersecurity agencies in Australia, Canada, New Zealand, and the United Kingdom, did not give specifics of the breach in Guam but described a far-reaching effort by Volt Typhoon to gain access to sensitive industries and hide within the organizations’ networks.

“Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible,” Microsoft wrote. The hackers gained access via internet-facing Fortinet FortiGuard devices, then attempted to extract credentials to get access to other devices on the networks.

Once they gained access, hackers attempted to “live off the land,” the joint advisory said, meaning that they avoided malware that would arouse suspicions. The group instead focused on exfiltrating data and surveying networks.

While the campaign does appear to investigators to be espionage-related, Microsoft warned that the group is likely “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”

The hacking revelations come at an awkward moment in relations between the U.S. and China, which President Joe Biden said this week would soon “thaw.” The two nations have been increasingly bellicose in accusing one another of cyber espionage and sabotage.

Since September 2022, the Chinese government has repeatedly accused the U.S. National Security Agency of hacking into the network of the government-backed Northwestern Polytechnical University, stealing data on “sensitive identities” within China.

And on Wednesday, the Chinese government defended its ban of products by U.S. chipmaker Micron on cybersecurity grounds, saying that the U.S. has itself imposed restrictions on more than 1,000 Chinese companies.

“This is economic coercion and is unacceptable,” said Mao Ning, Foreign Ministry spokesperson, as quoted by ABC News.

In February, CISA chief Jen Easterly warned of “China’s massive and sophisticated hacking program,” saying the country faced cyber intrusions by the Chinese government “every day.”