Microsoft warns that a Chinese state-sponsored hacking group has compromised the “critical” infrastructure of the US to disrupt communications in case of an emergency between the US and Asia.
Microsoft, in a rare announcement of a system breach, said that the hackers have been operating since mid-2021. Microsoft reported that the hackers were able to penetrate organisations in various industries by exploiting vulnerabilities in a popular cybersecurity platform named FortiGuard.
Microsoft stated that “in this campaign, the organizations affected span the communication, manufacturing, utility sector, transportation, construction and maritime sectors, government, IT, education, and information technology sectors.” Microsoft said that the hacking group had primarily focused on espionage and intelligence gathering rather than immediate disruption.
Microsoft added that it had a moderate level of confidence in its assessment that the Volt Typhoon programme is developing capabilities that could disrupt the critical communications infrastructure between the United States and Asia during future crises.
Microsoft has notified customers who are targeted or compromised and asked them to close their accounts or secure them.
On Wednesday, the US and international cyber-security authorities released a joint advisory on Volt Typhoon that warned about Chinese state-sponsored cyber threats.
Rob Joyce, director of cyber security at the US National Security Agency, said: “A PRC state-sponsored actor lives off the land. He uses built-in tools in the network to evade defences, and leaves no trace. It is therefore imperative that we work together to identify and remove this actor from our networks.”
“Living off the Land” is a term used to describe cyber attacks that use legitimate software already installed on a user’s device to gain access to a system. This makes them much more difficult to detect than traditional malware attacks, which require victims to download files.
John Hultquist is the chief analyst of Mandiant Intelligence, a cyber-defence service owned by Google. He said that Volt Typhoon was an “aggressive” and “potentially dangerous” hack.
“Chinese cyber threat actors are unique among their peers because they haven’t regularly used destructive and disruptive cyberattacks. Their capability is therefore quite opaque. This is an opportunity to prepare and investigate this threat.”