Western intelligence agencies and Microsoft have said that a Chinese state-sponsored hacking group spied on a wide range of critical infrastructure organizations in the United States, from telecommunications to transportation hubs.
And Microsoft added in a report that the espionage targeted the island of Guam, which includes strategic US military bases, and that “mitigating the effects of this attack may represent a difficult challenge.”
China and America used to spy on each other, but analysts say these attacks are one of the largest known cyber espionage operations against US critical infrastructure.
Chinese Foreign Ministry spokeswoman Mao Ning said – today, Thursday – that the hacking allegations are a “collective disinformation campaign” from the “Five Eyes” countries, referring to an intelligence-sharing group that includes the United States, Canada, New Zealand, Australia and the United Kingdom.
She indicated that Washington launched the campaign for geopolitical reasons, and that a local report by Microsoft showed that the US government uses institutions other than government agencies in disinformation campaigns.
“But regardless of the various methods used, none of this can change the fact that the United States is the hacking empire,” she added – at a regular press conference in Beijing.
It was not immediately clear how many organizations were affected, but the US National Security Agency said it was working with partners including Canada, New Zealand, Australia and the United Kingdom, as well as the US Federal Bureau of Investigation, to determine the extent of the violations.
Canada, the United Kingdom, Australia and New Zealand have warned that they could also be targeted by the hackers.
Microsoft analysts said they have “medium confidence” that this Chinese group – which it dubbed “Volt Typhoon” – is developing capabilities that could disrupt critical communications infrastructure between the United States and the Asian region during future crises.
John Haltquist, head of threat analysis at Google’s Mandiant Intelligence, said the Chinese activity is also unique and worrisome, because analysts do not yet have enough insight into the group’s capability.
Targeting military infrastructure
And at a time when China has stepped up its military and diplomatic pressure in its claim of sovereignty over the self-ruled island of Taiwan, US President Joe Biden has said he is ready to use force to defend it.
Security analysts expect Chinese hackers to try to target US military networks and other critical infrastructure facilities if China attacks Taiwan.
Microsoft said the Chinese hacking group has been active since at least 2021, targeting many sectors including telecommunications, manufacturing, utilities, transportation, construction, marine, government apparatus, information technology and education.
NSA cybersecurity director Rob Joyce noted that Chinese attacks use “built-in network tools to evade our defenses and leave no trace behind.”
In contrast to traditional hacking techniques, Microsoft said this group infects a target’s existing systems to find information and extract data.
Guam is the target
The island of Guam includes US military installations that could play a key role in responding in the event of any conflict in the Asia-Pacific region, and it is a major communications center linking Asia and Australia to America through many submarine cables.
Bart Hoogvin, a senior analyst at the Australian Strategic Policy Institute who specializes in state-sponsored cyber attacks in the region, said the undersea cables made Guam a “logical target for the Chinese government” for intelligence.
For its part, New Zealand confirmed that it will work to identify any such malicious electronic activity in the country.
“It is important to our country’s national security that we are transparent and open with Australians about the threats we face,” Australian Home Affairs and Cyber Security Minister Claire O’Neill said.
In turn, the Canadian Cybersecurity Agency stated that there have not yet been any reports of Canadian victims of this piracy, and added that “Western economies are closely interconnected,” and said, “Much of our infrastructure has been closely integrated, and an attack on one of them can affect the other.”