Chinese hackers spying on US critical infrastructure

Beijing slams accusation as ‘disinformation’.

Agence France-Presse (The Jakarta Post)
Washington
Fri, May 26, 2023

State-sponsored Chinese hackers have infiltrated critical United States infrastructure networks, the US, its Western allies and Microsoft said on Wednesday while warning that similar espionage attacks could be occurring globally.

Microsoft highlighted Guam, a US territory in the Pacific Ocean with a vital military outpost, as one of the targets, but said "malicious" activity had also been detected elsewhere in the US.

The stealthy campaign, which Microsoft attributes to a China-sponsored actor it calls "Volt Typhoon" and which has been active since mid-2021, enabled long-term espionage and was likely aimed at hampering the US if there was conflict in the region, it said.

"Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the statement said.

"In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education sectors."

Microsoft's statement coincided with an advisory released by US, Australian, Canadian, New Zealand and United Kingdom authorities warning that the hacking was likely occurring globally.

"This activity affects networks across US critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide," they said.

China denied the allegations, describing the Microsoft report as "extremely unprofessional" and "scissors-and-paste work".

"It is clear that this is a collective disinformation campaign of the Five Eyes coalition countries, initiated by the US for its geopolitical purposes," foreign ministry spokeswoman Mao Ning said, referring to the security alliance of the US and its Western allies that wrote the report.

"The participation of certain companies shows that aside from government organizations, the US is expanding new channels for disseminating disinformation," she said.

"But no change in tactics can alter the fact that the US is a hacker empire."

'Living off the land'

The US and its allies said the activities involved "living off the land" tactics, in which the intruders rely on tools already built into the operating system rather than dropping their own malware, so that their activity blends in with normal Windows administration.

The advisory warned that an intrusion can consist of legitimate system administration commands that each appear "benign" on their own, which makes the activity hard to distinguish from routine work by a network's own administrators.

Microsoft said the Volt Typhoon attack tried to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls and VPN hardware.

"They have also been observed using custom versions of open-source tools," Microsoft said.
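The paragraphs above describe why this tradecraft is hard to spot: every command is one an administrator might legitimately run. What follows is an added example, not code from the article, from Microsoft or from the Five Eyes agencies, of the detection approach that follows from that observation: score Windows process-creation events (fields modelled on Security event ID 4688) not on any single built-in tool, but on several unrelated categories of built-in tool clustering on the same host and account inside a short window. The tool names, command-line patterns, category labels, window length and threshold are assumptions chosen for illustration (the article names no specific binaries), and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative built-in Windows binaries grouped by what an intruder would use
# them for. These names and patterns are assumptions for this example; the
# article itself lists no specific tools. Each entry is (image regex, optional
# command-line regex).
LOLBIN_RULES = {
    "discovery": [
        (r"\\nltest\.exe$", None),
        (r"\\net1?\.exe$", r"\b(user|group|localgroup)\b"),
        (r"\\ipconfig\.exe$", None),
        (r"\\netstat\.exe$", None),
    ],
    "credential_access": [
        (r"\\ntdsutil\.exe$", r"\bifm\b|ntds"),
        (r"\\reg\.exe$", r"\bsave\b.*\b(sam|security|system)\b"),
    ],
    "proxy": [
        (r"\\netsh\.exe$", r"\bportproxy\b"),
    ],
    "remote_exec": [
        (r"\\wmic\.exe$", r"process\s+call\s+create"),
    ],
}


def classify(event):
    """Return the LOLBin category of one process-creation event, or None."""
    image = event.get("image", "").lower()
    cmdline = event.get("cmdline", "").lower()
    for category, rules in LOLBIN_RULES.items():
        for image_re, cmd_re in rules:
            if re.search(image_re, image) and (cmd_re is None or re.search(cmd_re, cmdline)):
                return category
    return None


def detect(events, window_minutes=60, min_categories=3):
    """Flag a host/user pair when distinct LOLBin categories cluster in time.

    One built-in tool execution is routine. The signal is several unrelated
    categories (discovery plus credential access plus proxying, say) from the
    same principal inside one window. Returns a list of alert dicts.
    """
    window = timedelta(minutes=window_minutes)
    hits = defaultdict(list)
    for ev in events:
        cat = classify(ev)
        if cat:
            key = (ev["host"], ev["user"])
            hits[key].append((datetime.fromisoformat(ev["ts"]), cat, ev["cmdline"]))

    alerts = []
    for (host, user), items in hits.items():
        items.sort()  # chronological; ties broken by category and command line
        for i, (start, _, _) in enumerate(items):
            in_window = [it for it in items[i:] if it[0] - start <= window]
            cats = sorted({it[1] for it in in_window})
            if len(cats) >= min_categories:
                alerts.append({
                    "host": host,
                    "user": user,
                    "categories": cats,
                    "first": in_window[0][0].isoformat(),
                    "last": in_window[-1][0].isoformat(),
                    "evidence": [it[2] for it in in_window],
                })
                break  # one alert per principal is enough to start triage
    return alerts


# Constructed sample telemetry, not real logs. Field names mimic event ID 4688.
SAMPLE_EVENTS = [
    # Routine admin work on a workstation: only "discovery" tools, so no alert.
    {"ts": "2023-05-24T09:00:00", "host": "WS-ADMIN01", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\ipconfig.exe", "cmdline": "ipconfig /all"},
    {"ts": "2023-05-24T09:01:10", "host": "WS-ADMIN01", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\netstat.exe", "cmdline": "netstat -ano"},
    # The same kind of commands on a domain controller, but followed within
    # half an hour by a directory database export and a port proxy: alert.
    {"ts": "2023-05-24T02:10:00", "host": "DC01", "user": "CORP\\svc-backup",
     "image": r"C:\Windows\System32\nltest.exe", "cmdline": "nltest /dclist:corp"},
    {"ts": "2023-05-24T02:12:30", "host": "DC01", "user": "CORP\\svc-backup",
     "image": r"C:\Windows\System32\net.exe", "cmdline": 'net group "domain admins" /domain'},
    {"ts": "2023-05-24T02:15:00", "host": "DC01", "user": "CORP\\svc-backup",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},  # ignored
    {"ts": "2023-05-24T02:20:05", "host": "DC01", "user": "CORP\\svc-backup",
     "image": r"C:\Windows\System32\ntdsutil.exe", "cmdline": 'ntdsutil "ac i ntds" ifm "create full C:\\temp" q q'},
    {"ts": "2023-05-24T02:41:00", "host": "DC01", "user": "CORP\\svc-backup",
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.0.5 connectport=3389"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert['host']} {alert['user']}: {alert['categories']} "
              f"between {alert['first']} and {alert['last']}")
        for line in alert["evidence"]:
            print("   ", line)
```

Run stand-alone, the block prints one alert for the constructed DC01 sequence and nothing for the routine ipconfig/netstat pair, even though the DC01 activity starts with exactly the same kind of commands. In practice the events would come from 4688 or Sysmon process-creation records in a SIEM, the rule lists would be tuned against the real administrative baseline of the environment, and a hit is a trigger for triage rather than proof of intrusion. The design point is that the signal lives in the combination and timing of "benign" commands, not in any one of them.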

Microsoft and the security agencies released guidelines for organisations to try to detect and counter the hacking.

"It's what I would term a low and slow cyber activity," said Alastair MacGibbon, chief strategy officer at Australia's CyberCX and a former head of the Australian Cyber Security Centre.

"This is someone wearing a camouflage vest and carrying a sniper rifle. You don’t see them, they're not there," he told AFP.

"When you think about something that can really cause catastrophic harm, it is someone with intent who takes time to get into systems."

Once inside, the cyberattackers can steal information, he said. "But it also gives you the ability to carry out destructive acts at a later stage."

'Highly sophisticated'

A number of other governments had found similar activity since the Volt Typhoon alert was issued, said Robert Potter, cofounder of Australian cybersecurity firm Internet 2.0.

"I am not sure how communications infrastructure would be at risk from these attacks because those networks are highly resilient and difficult to bring down for more than small intervals," Potter told AFP.

"However, the ongoing threat from China-based APT [advanced persistent threat] groups is real."

The director of the US Cybersecurity and Infrastructure Security Agency, Jen Easterly, said China had been stealing intellectual property and data worldwide for years.

"Today's advisory, put out in conjunction with our US and international partners, reflects how China is using highly sophisticated means to target our nation's critical infrastructure," Easterly said.
