Volt Typhoon, BackdoorDiplomacy, and other Chinese groups hacking critical infrastructure in the US

China and the United States seem to be perpetually squabbling. One of Washington’s biggest grouses is that the Asian giant is always snooping. (Beijing has similar complaints). Chinese ‘secret police stations’ in the US and the surveillance balloons have been the latest examples. And now Chinese hacking teams are the centre of the latest spying allegations. Western intelligence agencies and cybersecurity companies have blamed Chinese hacking teams for global digital incursion campaigns that have targeted everything from government and military organisations to corporations and media organisations. Cybersecurity firms believe many of those groups are backed by China’s government. US-based cybersecurity firm Mandiant has said some Chinese hacking groups are operated by units of China’s army. In the most recent development, Microsoft on Wednesday said that Chinese state-sponsored hackers had compromised “critical” US cyber infrastructure across numerous industries with a focus on gathering intelligence. The attack is apparently ongoing. In an advisory, Microsoft urged impacted customers to “close or change credentials for all compromised accounts”. US intelligence agencies became aware of the incursion in February, around the same time that a Chinese spy balloon was downed, The New York Times reported. Infrastructure in nearly every critical sector has been impacted, Microsoft said, including the communications, transport and maritime industries. Government organisations were also targeted. The infiltration was focused on communications infrastructure in Guam and other parts of the US, the Times reported, and was particularly alarming to US intelligence because Guam sits at the heart of an American military response in case of an invasion of Taiwan. [caption id=“attachment_12648632” align=“alignnone” width=“640”] While China and the United States routinely spy on each other, analysts say this is one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure. Reuters[/caption] China’s authorities have consistently denied any form of state-sponsored hacking, saying China itself is a frequent target of cyberattacks. It has dubbed the US National Security Agency (NSA) as “the world’s largest hacker organisation”. Some of the biggest Chinese hacking teams identified by intelligence agencies and cybersecurity groups are: Volt Typhoon Western intelligence agencies and Microsoft said on 24 May that Volt Typhoon, a group they described as state-sponsored, had been spying on a range of US critical infrastructure organisations, from telecommunications to transportation hubs. Microsoft stated in a statement that the Chinese hacker squad, codenamed “Volt Typhoon,” had been active since mid-2021. According to CNBC, the organisation is attempting to damage “critical communications infrastructure between the United States and Asia.” The NSA put out a bulletin Wednesday, detailing how the hack works and how cybersecurity teams should respond. Volt Typhoon is able to infiltrate organisations using an unnamed vulnerability in a popular cybersecurity suite called FortiGuard, Microsoft said. Once the hacking group has gained access to a corporate system, it steals user credentials from the security suite and uses them to try to gain access to other corporate systems. **Also Read: US-China trade barbs on disinformation cyberscape** The state-sponsored hackers aren’t looking to create disruption yet, Microsoft said. Rather, “the threat actor intends to perform espionage and maintain access without being detected for as long as possible.” While China and the United States routinely spy on each other, analysts say this is one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure. China’s foreign ministry described the reports as part of a US disinformation campaign. ‘BackdoorDiplomacy’ BackdoorDiplomacy is a cyber espionage threat group that has been active since at least 2017. It has targeted foreign ministries and telecommunications businesses in Africa, Europe, the Middle East, and Asia. Palo Alto Networks, a US cybersecurity firm, says its research showed BackdoorDiplomacy has links to the Chinese state and is part of the APT15 hacking group. [caption id=“attachment_12648652” align=“alignnone” width=“640”] Western intelligence agencies and Microsoft said on 24 May that Volt Typhoon, a group they described as state-sponsored, had been spying on a range of US critical infrastructure organisations. AP[/caption] A Reuters report in May identified BackdoorDiplomacy as being behind a widespread series of digital intrusions over several years against key Kenyan ministries and state institutions. The Chinese authorities said it was not aware of such hacking and described the accusations as baseless. APT 41 Chinese hacking team APT 41, which is also known as Wintti, Double Dragon and Amoeba, has conducted a mix of government-backed cyber intrusions and financially motivated data breaches, according to US-based cybersecurity firms FireEye and Mandiant, reports Reuters. The US secret service said the team had stolen US COVID relief benefits worth tens of millions of dollars between 2020-2022. Taiwan-based cybersecurity firm TeamT5 said the group had targeted government, telecoms, and media victims in Japan, Taiwan, Korea, the United States and Hong Kong. APT 41 was named by the US justice department in September 2020 in relation to charges brought against seven hackers for allegedly compromising more than 100 companies around the world. The Chinese authorities have described such reports as “groundless accusations”. APT 27 Western intelligence agencies and cybersecurity researchers say the Chinese hacking team APT 27 is sponsored by the state and has launched multiple attacks on Western and Taiwanese government agencies, according to Reuters. APT 27 claimed responsibility for cyber attacks against Taiwan in 2022 during a visit by then-US House of Representatives Speaker Nancy Pelosi, saying it acted as a protest because Pelosi defied China’s warnings not to visit. Cybersecurity firm Mandiant said last year the group compromised the computer networks of at least six US state governments between May 2021 and February 2022, while the German authorities named blamed it for attacks against German pharmaceuticals, technology and other companies. With inputs from agencies  Read all the Latest News , Trending News , Cricket News , Bollywood News , India News and Entertainment News here. Follow us on Facebook, Twitter and Instagram.